-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unresolved CVE on JGit 5.x. Possible to move to JGit 6.x? #177
Comments
tomasbjerre
added a commit
that referenced
this issue
Jan 26, 2024
tomasbjerre
added a commit
that referenced
this issue
Jan 26, 2024
BREAKING CHANGE: JGit major version from 5 to 6 and require Java 11 (refs #177)
tomasbjerre
added a commit
that referenced
this issue
Jan 26, 2024
BREAKING CHANGE: JGit major version from 5 to 6 and require Java 11 (refs #177)
tomasbjerre
added a commit
that referenced
this issue
Jan 26, 2024
BREAKING CHANGE: JGit major version from 5 to 6 and require Java 11 (refs #177)
It would mean dropping Java 8 support but I think it is time for that anyway. |
tomasbjerre
added a commit
that referenced
this issue
Jan 27, 2024
BREAKING CHANGE: JGit major version from 5 to 6 and require Java 11 (refs #177)
This is released now, open issue again if any problems. |
Thanks for the quick turnaround on this :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi.
This project currently depends on JGit 5.13.1.202206130422-r which is associated with CVE-2023-4759.
This prevents projects that perform vulnerability scanning from building with a dependency to git-changelog-lib.
The CVE is resolved in JGit releases newer than 6.6.0.202305301015-r.
Regards
Christian
The text was updated successfully, but these errors were encountered: