Update Libs #2594

Merged
merged 6 commits into from
Feb 21, 2024
@tesshucom commented Feb 21, 2024

🐥Maintenance

  • Postgres and Spring Security will be updated.
    • Postgres (CVE-2024-1597) and Spring Security (CVE-2024-22234) CVE warnings do not affect Jpsonic. However, we will receive false positive warnings here and there, so the library will be updated 😉
  • jupnp will be upgraded to major version 3.0.0
    • Suppression for CVE-2021-21266 has been added, but there is no problem. jupnp is published on openHAB, but this is a caveat for the libraries used in the process of publishing it. Not included in Jpsonic products.

Jpsonic's library updates are very fast, so as long as you use the latest version, you won't run into many CVE warnings. Docker configuration is also tracked, but the reported content will match warnings for upstream images (eclipse-temurin).

Jpsonic Image (Alpine)

image

Jpsonic Image (Jammy)

image

Since eclipse-temurin is an official image, any problems should be resolved transitively.

🌬 💨Notice about known issues 🐬🌫🌊 🏄🌫🌫🚣‍♂️🌫🌫🏊🌫

Degradation is currently confirmed in v114. This will be fixed soon, so please wait a moment.

The workaround is as follows.

  • Do not save settings on the General Settings page (you can view them). This problem will be resolved in a few days.
  • If you really want to change the settings, there is a way to temporarily use v113. For Docker, temporarily use image: 'jpsonic/jpsonic:113'
    • v113 and v114 are data compatible. After changing the settings, there is no problem even if you return to v114 (latest) again.

tesshucom and others added 6 commits February 22, 2024 06:15
Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.1 to 42.7.2.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pgjdbc/pgjdbc/commits)

---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@tesshucom added the labels "type: dependency-upgrade" (A dependency upgrade) and "type: hotfix" (Should be in patch release instead of next version release) Feb 21, 2024
@tesshucom added this to the jpsonic 114.1 milestone Feb 21, 2024
@tesshucom self-assigned this Feb 21, 2024
@tesshucom changed the title from "Release" to "Update Libs" Feb 21, 2024
@tesshucom merged commit c5ae8bb into master Feb 21, 2024
3 checks passed
@tesshucom deleted the release branch February 22, 2024 00:26