Skip to content

fix(security): remediate OWASP/CWE audit findings (2026-06-30)#75

Merged
fdelbrayelle merged 1 commit into
mainfrom
fix/security-audit-20260630
Jul 1, 2026
Merged

fix(security): remediate OWASP/CWE audit findings (2026-06-30)#75
fdelbrayelle merged 1 commit into
mainfrom
fix/security-audit-20260630

Conversation

@fdelbrayelle

Copy link
Copy Markdown
Member

Summary

Remediates all findings (CRITICAL/HIGH/MEDIUM/LOW) from the 2026-06-30 automated security audit against OWASP Top 10 (2025), CWE Top 25, and OWASP ASVS Level 1.

Findings Fixed

  • HIGH — API token included in Lombok @ToString output — src/main/java/io/kestra/plugin/linear/LinearConnection.java:42 — Added @ToString.Exclude to the token field so the Linear API token is no longer emitted in plaintext via the Lombok-generated toString() (CWE-312, CWE-532, OWASP ASVS 2.10.4).

No MEDIUM or LOW findings were reported in the audit EPIC.

Testing

  • ./gradlew build passes
  • No regressions in existing tests

References

…audit

Fixes all CRITICAL/HIGH/MEDIUM/LOW findings identified in the automated security audit.
Part of security audit EPIC. See kestra-io/kestra-ee#9092 for full scope.
@fdelbrayelle fdelbrayelle added the kind/security Security-related issue label Jun 30, 2026
@fdelbrayelle fdelbrayelle enabled auto-merge (squash) June 30, 2026 21:03
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

📦 Artifacts

Name Size Updated Expiration
jar 29.52 KB Jun 30, 26, 9:04:27 PM UTC Jul 7, 26, 9:04:26 PM UTC

🧪 Java Unit Tests

TestsPassedSkipped ⚠️FailedTime ⏱
Java Tests Report1 ran0 ✅1 ⚠️0 ❌1ms

🔁 Unreleased Commits

1 commits since v1.3.3

SHA Title Author Date
3aa3ab8 chore(deps): group io.kestra.gradle.* dependabot updates Malay Dewangan Jun 30, 26, 10:16:46 AM UTC

@github-actions

Copy link
Copy Markdown
Contributor

Tests report quick summary:

success ✅ > tests: 1, success: 0, skipped: 1, failed: 0

unfold for details
Project Status Success Skipped Failed
plugin-linear skipped ⏭️ 0 1 0

@fdelbrayelle fdelbrayelle disabled auto-merge June 30, 2026 21:08
@fdelbrayelle fdelbrayelle enabled auto-merge (squash) June 30, 2026 21:57
@fdelbrayelle fdelbrayelle merged commit 64bdaab into main Jul 1, 2026
7 checks passed
@fdelbrayelle fdelbrayelle deleted the fix/security-audit-20260630 branch July 1, 2026 09:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

kind/security Security-related issue

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants