Fix code scanning alert - Spring-Kafka has Java Deserialization vulnerability When Improperly Configured #5794

Closed
1 task
corneil opened this issue May 8, 2024 · 0 comments · Fixed by #5798
corneil commented May 8, 2024

Tracking issue for:

@corneil corneil self-assigned this May 8, 2024
corneil added a commit to corneil/spring-cloud-dataflow that referenced this issue May 8, 2024
Bump netty versions to 4.1.109
Bump reactor-netty to 1.0.44
Bump nimbus-jose-jwt to 9.37.2
Bump embedded-tomcat to 9.0.88
Bump rsocket to 1.1.4

Fixes spring-cloud#5794
onobc added a commit to onobc/spring-cloud-dataflow that referenced this issue May 9, 2024
The updated version (2.9.13) has 1 CVE for its use of json-path 2.6.0.
This is mitigated by the pre-existing override to json-path 2.9.0.

Resolves spring-cloud#5794
corneil added a commit that referenced this issue May 9, 2024
The updated version (2.9.13) has 1 CVE for its use of json-path 2.6.0.
This is mitigated by the pre-existing override to json-path 2.9.0.

Resolves #5794

Co-authored-by: Corneil du Plessis <corneil.du-plessis@broadcom.com>
@corneil corneil added this to the 2.11.3 milestone May 17, 2024