
Fix dependency vulnerabilities of the configuration-server in v2.2.0 #1553

Closed
heiko-holz opened this issue Dec 9, 2022 · 0 comments · Fixed by #1554

heiko-holz commented Dec 9, 2022

The configuration-server of the current release (v2.2.0) has various high security risks in its dependencies, e.g.,

com.fasterxml.jackson.core : jackson-databind : 2.13.1
org.apache.tomcat.embed : tomcat-embed-core : 8.5.46
org.springframework : spring-beans : 5.3.14
org.yaml : snakeyaml : 1.30

In this issue, these dependencies (also transitively) need to be updated so that we do not have any vulnerabilities in the configuration server.

heiko-holz pushed a commit to heiko-holz/inspectit-ocelot that referenced this issue Dec 9, 2022
@heiko-holz heiko-holz changed the title Update dependencies to fix vulnerabilities for v2.2.0 Fix dependency vulnerabilities in v2.2.0 Dec 9, 2022
@quandor quandor self-assigned this Dec 20, 2022
quandor added a commit that referenced this issue Dec 21, 2022
* fix(dependencies): upgrade snakeyaml, logback, and jacksondatabind [#1553]

* fix(dependencies): adjust spring-boot-test version [#1553]

* fix(dependencies): adjust spring-beans version in configuration-server [#1553]

* fix(dependencies): fix dependencies for configdocsgenerator [#1553]

* fix(dependencies): upgrade snakeyaml, logback, and jacksondatabind [#1553]

* fix(dependencies): adjust spring-beans version in configuration-server [#1553]

* fix(dependencies): add OWASP dependency check plugin

* fix(dependencies): upgrade commons-text to v1.10 [#1553]

* fix(dependencies): increase CycloneDX BOM schemaVersion to v1.4 [#1553]

* fix(dependencies): upgrade gson [#1533]

* fix(dependencies): upgrade jackson-databind [#1553]

* fix(dependencies): upgrade spring-boot and spring in configserver [#1533]

* fix(dependencies): migrate from SpringFox to openapi [#1533]

* Allow anonymous access to Swagger file

* Some Dependency upgrades

* No jacksonDatabindVersion necessary anymore

* Help if configuration server ui does not start

* Even more improvements

* Further small improvement

* Correct THIRD-PARTY-LICENSES.txt

* Example values included for API-Documentation

* Explains why some paths are excluded from security

* Removes unused dependency

* Removes unnecessary version info

Version depends on versions from included projects

* Fixes failing test

A version upgrade of Mockito caused this. Newer versions do know the
return type of java.time.Duration and return 0s instead of null. Hence
the assert broke.
Since the author did not understand the reason to use a mock, we
switched to a real object instead.

* Unify jUnit and mockito version

At least for some projects

* Reintroduces prematurely removed version info.

But aligned via properties with other projects.

* Removes unused gradle.properties in module directory

* Reverts an unintentional change

* Removes spring-boot-managed dependency versions

* Removes TODO after discussing

* No version for REST-Api

* fix(swagger): sort schemas alphabetically in swagger-ui [#1553]

* Comment about how dependency versions are resolved

* Uses current version of OWASP plugin

Co-Authored-By: Jochen Just <jochen.just@novatec-gmbh.de>
@heiko-holz heiko-holz changed the title Fix dependency vulnerabilities in v2.2.0 Fix dependency vulnerabilities of the configuration-server in v2.2.0 Dec 22, 2022
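The issue asks for the four listed coordinates to be raised, transitively as well, and the fix commit adds the OWASP dependency-check plugin and raises the CycloneDX BOM schema version to 1.4. The following Gradle build shows how those three pieces fit together for a Spring Boot module like the configuration-server. It is an added illustration, not the project's own build.gradle: the plugin versions, the Spring Boot BOM version, the target versions in the constraints block, the suppression-file path and the CVSS threshold are assumptions chosen for the example, not values taken from the issue or the fix.

```groovy
// Added illustration of a hardened Gradle build for a Spring Boot module such as
// the configuration-server. Not the project's build.gradle; every version and
// path below is an assumption for the example, not a value from the issue.
plugins {
    id 'java'
    id 'org.owasp.dependencycheck' version '7.4.1'   // assumed plugin version
    id 'org.cyclonedx.bom' version '1.7.2'           // assumed plugin version
}

repositories {
    mavenCentral()
}

dependencies {
    // Gradle's native platform support instead of the dependency-management plugin,
    // so that the BOM and the constraints below take part in one conflict resolution.
    implementation platform('org.springframework.boot:spring-boot-dependencies:2.7.6') // assumed
    implementation 'org.springframework.boot:spring-boot-starter-web'

    // Constraints bind transitive dependencies as well, which is the point of the
    // issue: none of the four coordinates is normally declared directly, they all
    // arrive through Spring Boot and its starters. 'require' lets a later BOM win
    // if it carries a higher version; use 'strictly' only when a downgrade by a
    // future BOM must be impossible.
    constraints {
        implementation('com.fasterxml.jackson.core:jackson-databind') {
            version { require '2.13.4.2' }          // assumed target version
            because 'issue #1553: 2.13.1 reported vulnerable'
        }
        implementation('org.apache.tomcat.embed:tomcat-embed-core') {
            version { require '9.0.69' }            // assumed target version
            because 'issue #1553: 8.5.46 reported vulnerable'
        }
        implementation('org.springframework:spring-beans') {
            version { require '5.3.24' }            // assumed target version
            because 'issue #1553: 5.3.14 reported vulnerable'
        }
        implementation('org.yaml:snakeyaml') {
            version { require '1.33' }              // assumed target version
            because 'issue #1553: 1.30 reported vulnerable'
        }
    }
}

// OWASP dependency-check: fail the build on anything rated high or critical.
dependencyCheck {
    failBuildOnCVSS = 7.0f                                   // threshold is an assumption
    format = 'ALL'
    scanConfigurations = ['runtimeClasspath']
    suppressionFile = 'config/dependency-check-suppressions.xml'   // assumed path, reviewed findings only
}

// CycloneDX SBOM for the shipped artefact, on the schema version the fix moved to.
cyclonedxBom {
    schemaVersion = '1.4'
    includeConfigs = ['runtimeClasspath']
}
```

Run `./gradlew dependencies --configuration runtimeClasspath` after the change and look for the arrow notation (`2.13.1 -> 2.13.4.2`) on each of the four coordinates; that is the check that the constraint actually reached the transitive edge, which a green `dependencyCheckAnalyze` run alone does not prove if the analyzer was scanning a different configuration. Anything put into the suppression file should carry the reviewed finding and a reason, since it silently removes the gate that `failBuildOnCVSS` provides.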