Bug bounty for solving security issue - thank you @atomfrede #10402
Comments
Bounty claimed https://opencollective.com/generator-jhipster/expenses/10062 Thanks @jdubois for putting the bounty! It was great to work with everyone keeping calm on that issue!
Yes that was awesome to work together on this!
@atomfrede: can we close this ticket?
Yes
Thanks for solving this problem! In the upgrade it states:
Which is not totally true because these methods have been removed:
Should they be added with:
@tibistibi the method signatures of RandomUtil should be the same, what is inside those methods did change
Yes, clear! Maybe good to add the information to the upgrade page?
So for me I could fix it by replacing the RandomUtil file and adding this:
@tibistibi RandomUtil depends on your auth type, Session auth has some extra methods. I couldn't find sample apps for Session or UAA, so you can see the various options here: https://github.com/ruddell/jhipster-examples/tree/cve-random-util-fixes
This is linked to #10401
As discussed in the security advisory (not public yet), we put a $300 bug bounty for whoever solved the issue (so $500 for reporting the issue, and $300 for solving it!).
@atomfrede you seem to have done the fix, so I'm assigning this to you, and adding the bounty here so we follow our usual process.