Issue #5077 - Dependency updates for CVEs: bouncycastle, spring, c3p0, moment.js #5106

Merged
merged 2 commits into from Jul 31, 2019

@ahormazabal
Contributor

commented Jul 31, 2019

This PR addresses the following library upgrades:

  • Tomcat-JDBC to 8.5.43 -- CVE-2019-0232
  • Spring framework to 4.3.24.RELEASE -- CVE-2018-15756
  • c3p0 to 0.9.5.4 -- CVE-2019-5427
  • bouncycastle to 1.62 -- CVE-2018-1000613
  • Removed unused moment.js 2.14.1 library -- CVE-2017-18214

Fixes #5077

Alberto Hormazabal added some commits Jul 31, 2019

Alberto Hormazabal
version bumps of tomcat and spring framework to address reported vulnerabilities.
Sets dependency constraints to address vulnerabilities of transitive dependencies: c3p0, bouncycastle.

@ahormazabal ahormazabal force-pushed the ahormazabal:vbumps/update-201907-2 branch from ab679ab to 8b51138 Jul 31, 2019

@ahormazabal ahormazabal self-assigned this Jul 31, 2019

@ahormazabal ahormazabal changed the title Dependency updates for CVEs: bouncycastle, spring, c3p0, moment.js Issue #5077 - Dependency updates for CVEs: bouncycastle, spring, c3p0, moment.js Jul 31, 2019

@ahormazabal ahormazabal requested a review from gschueler Jul 31, 2019

@gschueler gschueler merged commit 36b7cea into rundeck:master Jul 31, 2019

20 checks passed

Mergeable Mergeable Run has been Completed!
continuous-integration/travis-ci/pr The Travis CI build passed
security/snyk - build.gradle (rundeck) No manifest changes detected
security/snyk - core/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/copyfile-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/flow-control-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/git-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/jasypt-encryption-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/job-state-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/localexec-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/orchestrator-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/script-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/source-refresh-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/stub-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/upvar-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - rundeck-storage/build.gradle (rundeck) No manifest changes detected
security/snyk - rundeckapp/build.gradle (rundeck) No new issues
security/snyk - rundeckapp/grails-spa/package.json (rundeck) No manifest changes detected
security/snyk - rundeckapp/metricsweb/build.gradle (rundeck) No manifest changes detected

@gschueler gschueler added this to the 3.1.0 milestone Jul 31, 2019
