Overview:
org.postgresql:postgresql is a Java JDBC 4.2 (JRE 8+) driver for the PostgreSQL database.
Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver.
Man-in-the-Middle (MitM) https://app.snyk.io/org/fecgov/project/e6c155e9-f0ac-4a49-98fa-83c24f5b74b3/
Test with manual deploy - make sure flyway checks to see if there are any new migrations
Test migration with headless app (look for flyway-independent-migration). As a team we decided we could skip this step since we tested it with the last upgrade. We find manual deploy to be sufficient.
Give devs instructions on updating local
JonellaCulmer changed the title from "[High]fecgov/openFEC:data/flyway/build.gradle - need a fix by 20190428" to "[High]fecgov/openFEC:data/flyway/build.gradle - need a fix by Apr. 28, 2019" on Mar 29, 2019
@lbeaufort I have installed the latest version of flyway 5.2.4 and ran the migrations against my local test db. This latest version of flyway comes with an upgraded postgressql-42.2.5.jre6.jar. Didn't run into any issues on my local. Hope this helps.
lbeaufort changed the title from "[High]fecgov/openFEC:data/flyway/build.gradle - need a fix by Apr. 28, 2019" to "[High] fecgov/openFEC:data/flyway/build.gradle - need a fix by Apr. 28, 2019" on Apr 8, 2019
Vulnerable module: org.postgresql:postgresql
Introduced through: org.flywaydb:flyway-commandline@5.1.3
Detailed paths :
Introduced through: project@0.0.0 › org.flywaydb:flyway-commandline@5.1.3 › org.postgresql:postgresql@42.2.2.jre6
Remediation :
Upgrade org.postgresql:postgresql to version 42.2.5 or higher.
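An added example, not part of the issue or the openFEC code base: a small check that scans dependency-path lines or jar file names for the PostgreSQL JDBC driver and flags any release below the 42.2.5 named in the remediation. The function names and the second sample line are assumptions made for illustration; versions are compared numerically so that the `.jre6` suffix and multi-digit patch numbers do not skew the result.

```python
import re

# First fixed release, taken from the advisory's remediation line.
FIXED = (42, 2, 5)

# Matches Maven-style coordinates (org.postgresql:postgresql@42.2.2.jre6 or
# org.postgresql:postgresql:42.2.2) and jar names (postgresql-42.2.5.jre6.jar).
_PATTERN = re.compile(
    r"(?:org\.postgresql:postgresql[@:]|\bpostgresql-)"
    r"(\d+)\.(\d+)\.(\d+)(?:\.(jre\d+))?"
)


def find_driver_versions(text):
    """Return [(version_tuple, jre_suffix_or_None, matched_text), ...]."""
    hits = []
    for m in _PATTERN.finditer(text):
        version = tuple(int(part) for part in m.group(1, 2, 3))
        hits.append((version, m.group(4), m.group(0)))
    return hits


def vulnerable_entries(text):
    """Matched strings whose numeric version is below the fixed release."""
    return [raw for version, _suffix, raw in find_driver_versions(text)
            if version < FIXED]


# First line is the detailed path quoted in the issue. The second line is
# constructed: it assumes the flyway 5.2.4 / 42.2.5.jre6 pairing that the
# comment in this thread reports.
SAMPLE = """\
project@0.0.0 › org.flywaydb:flyway-commandline@5.1.3 › org.postgresql:postgresql@42.2.2.jre6
project@0.0.0 › org.flywaydb:flyway-commandline@5.2.4 › org.postgresql:postgresql@42.2.5.jre6
"""

if __name__ == "__main__":
    for entry in vulnerable_entries(SAMPLE):
        print("needs upgrade:", entry)
```

The same functions can be run over the file listing of a flyway installation's driver directory to confirm which jar actually ships after the upgrade.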