FOLSPRINGB-121: okio-jvm 3.4.0 fixing DoS CVE-2023-3635 #113

Merged
merged 1 commit into from
Sep 27, 2023

Conversation

julianladisch
Contributor

Upgrade okio-jvm from 3.0.0 to 3.4.0 fixing a Denial of Service (DoS) vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2023-3635

A minor version bump is needed for this security fix. Upstream projects don't do a minor version bump, this must be done by FOLIO. It's compatible.
square/okhttp#7944
square/okhttp#7994
spring-projects/spring-boot#36450
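
A check that complements the upgrade described above (an added example, not code from this repository): it scans `mvn dependency:tree` output for `com.squareup.okio` artifacts still resolved below 3.4.0, the release the description names as fixing CVE-2023-3635. The sample tree and its `org.example` coordinates are constructed, and applying the same threshold to both `okio` and `okio-jvm` is an assumption.

```python
import re

# First fixed release per the pull request description (assumption: same
# threshold applied to both the okio and okio-jvm artifacts).
FIXED = (3, 4, 0)

# Constructed sample of `mvn dependency:tree` output; org.example is a placeholder.
SAMPLE_TREE = r"""
[INFO] org.example:demo-module:jar:1.0.0-SNAPSHOT
[INFO] +- org.example:http-client:jar:1.2.3:compile
[INFO] |  \- com.squareup.okio:okio:jar:3.0.0:compile
[INFO] |     \- com.squareup.okio:okio-jvm:jar:3.0.0:compile
[INFO] \- org.example:logging-api:jar:2.0.7:compile
"""


def version_tuple(version):
    """Turn '3.4.0' or '3.4' into a comparable 3-tuple; non-numeric tails are ignored."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    nums = tuple(int(p) for p in match.group(0).split(".")) if match else ()
    return (nums + (0, 0, 0))[:3]


def parse_okio(line):
    """Return (artifact, version) for a com.squareup.okio coordinate, else None."""
    match = re.search(r"com\.squareup\.okio:\S+", line)
    if not match:
        return None
    parts = match.group(0).split(":")
    # group:artifact:type:version:scope, optionally with a classifier before version
    if len(parts) not in (5, 6):
        return None
    return parts[1], parts[-2]


def find_vulnerable(tree_text):
    """List okio artifacts resolved below FIXED, in order of appearance."""
    hits = []
    for line in tree_text.splitlines():
        coord = parse_okio(line)
        if coord and version_tuple(coord[1]) < FIXED:
            hits.append(coord)
    return hits


if __name__ == "__main__":
    for artifact, version in find_vulnerable(SAMPLE_TREE):
        print(f"com.squareup.okio:{artifact}:{version} is below 3.4.0")
```

Feeding it the real output of `mvn dependency:tree` in CI catches a transitive okio that a later dependency change pulls back below the pinned version.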

…3-3635

Upgrade okio-jvm from 3.0.0 to 3.4.0 fixing a Denial of Service (DoS) vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2023-3635

A minor version bump is needed for this security fix. Upstream projects don't do
a minor version bump, this must be done by FOLIO. It's compatible.
square/okhttp#7944
square/okhttp#7994
spring-projects/spring-boot#36450
@sonarcloud

sonarcloud bot commented Sep 22, 2023

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
0.0% Duplication

@steveellis

Pretty appalling that Okhttp won't do a release to fix this...

@julianladisch julianladisch merged commit f984b75 into master Sep 27, 2023
5 checks passed
@julianladisch julianladisch deleted the FOLSPRINGB-121-okio-jvm-3.4.0 branch September 27, 2023 05:54