Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump everit-json-schema to mitigate CVE-2023-5072 [HZ-3518] [5.3.3] #25773

Merged
merged 1 commit into from
Oct 19, 2023
Merged

Bump everit-json-schema to mitigate CVE-2023-5072 [HZ-3518] [5.3.3] #25773

merged 1 commit into from
Oct 19, 2023

Conversation

vbekiaris
Copy link
Contributor

@vbekiaris vbekiaris commented Oct 19, 2023
edited by JackPGreen
Loading

so it depends on an org.json:json version that is not vulnerable to GHSA-rm7j-f5g5-27vv

Fixes #25768 in 5.3.3 branch.

  • Backport to 5.3.z, 5.2.z & 5.1.z

@vbekiaris vbekiaris added this to the 5.3.3 milestone Oct 19, 2023
@vbekiaris vbekiaris added the dependencies Pull requests that update a dependency file label Oct 19, 2023
@vbekiaris vbekiaris added Source: Internal PR or issue was opened by an employee Add to Release Notes labels Oct 19, 2023
@JackPGreen JackPGreen changed the title Upgrade artifact com.github.erosb:everit-json-schema Upgrade artifact com.github.erosb:everit-json-schema [HZ-3518] Oct 19, 2023
@vbekiaris
Copy link
Contributor Author

run-lab-run

@frant-hartm frant-hartm changed the title Upgrade artifact com.github.erosb:everit-json-schema [HZ-3518] Bump com.github.erosb:everit-json-schema version to 1.14.3 [HZ-3518] Oct 19, 2023
@frant-hartm frant-hartm changed the title Bump com.github.erosb:everit-json-schema version to 1.14.3 [HZ-3518] Bump everit-json-schema to mitigate CVE-2023-5072 [HZ-3518] Oct 19, 2023
@frant-hartm frant-hartm changed the title Bump everit-json-schema to mitigate CVE-2023-5072 [HZ-3518] Bump everit-json-schema to mitigate CVE-2023-5072 [HZ-3518] [5.3.3] Oct 19, 2023
@vbekiaris vbekiaris merged commit b7c8d0d into hazelcast:5.3.3 Oct 19, 2023
8 checks passed
@vbekiaris vbekiaris deleted the fixes/5.3.3/upgrade-org-json branch October 19, 2023 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kwart kwart kwart approved these changes

@frant-hartm frant-hartm frant-hartm approved these changes

@ldziedziul ldziedziul Awaiting requested review from ldziedziul

Assignees
No one assigned
Labels
Add to Release Notes dependencies Pull requests that update a dependency file Source: Internal PR or issue was opened by an employee Type: Defect
Projects
None yet
Milestone
5.3.5
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@vbekiaris @kwart @frant-hartm