Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Developers Guide Java example has dependencies with vulnerabilities [DOC139] #142

Closed
firebird-automations opened this issue Oct 16, 2018 · 6 comments

Comments

@firebird-automations
Copy link

Submitted by: @mrotteveel

The Java example of the Developers Guide has a number dependencies that have known vulnerabilities (we were notified by GitHub). These need to be updated.

Specifically:

org.springframework:spring-core >= 4.3.0, < 4.3.18 defined in pom.xml.
pom.xml update suggested: org.springframework:spring-core ~> 4.3.18.

com.fasterxml.jackson.core:jackson-databind < 2.8.11.1 defined in pom.xml.
pom.xml update suggested: com.fasterxml.jackson.core:jackson-databind ~> 2.8.11.1.

Commits: 9597272 60268b4

@firebird-automations
Copy link
Author

Commented by: @mrotteveel

Paul, I will do this; but I don't have enough rights to assign this ticket to myself.

@firebird-automations
Copy link
Author

Modified by: @mrotteveel

description: The Java example of the Developers Guide has a number dependencies that have known vulnerabilities (we were notified by GitHub). These need to be updated.

Specifically:

org.springframework:spring-core >= 4.3.0, < 4.3.18 defined in pom.xml.
pom.xml update suggested: org.springframework:spring-core ~> 4.3.18.

com.fasterxml.jackson.core:jackson-databind >= 2.8.0, < 2.8.9 defined in pom.xml.
pom.xml update suggested: com.fasterxml.jackson.core:jackson-databind ~> 2.8.9.

=>

The Java example of the Developers Guide has a number dependencies that have known vulnerabilities (we were notified by GitHub). These need to be updated.

Specifically:

org.springframework:spring-core >= 4.3.0, < 4.3.18 defined in pom.xml.
pom.xml update suggested: org.springframework:spring-core ~> 4.3.18.

com.fasterxml.jackson.core:jackson-databind < 2.8.11.1 defined in pom.xml.
pom.xml update suggested: com.fasterxml.jackson.core:jackson-databind ~> 2.8.11.1.

@firebird-automations
Copy link
Author

Modified by: @paulvink

assignee: Paul Vinkenoog [ paulvink ] => Mark Rotteveel [ avalanche1979 ]

@firebird-automations
Copy link
Author

Commented by: @mrotteveel

Pull request: #9

@firebird-automations
Copy link
Author

Commented by: @mrotteveel

Published updated HTML + PDF and example zip on the site.

@firebird-automations
Copy link
Author

Modified by: @mrotteveel

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants