[Backport 3.30] Fix CVE #3086

c2c-bot-gis-ci · 2023-10-23T14:23:25Z

Backport of #3083

Error on cherry picking:
Error on backporting to branch 3.30, error on cherry picking 3eebb11:

To continue do:
git fetch && git checkout backport/3083-to-3.30 && git reset --hard HEAD^
git cherry-pick 3eebb11
git push origin backport/3083-to-3.30 --force

Upgrade com.github.spotbugs:[email protected] to com.github.spotbugs:[email protected] to fix ✗ Out-of-bounds Write [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEBCEL-3106013] in org.apache.bcel:[email protected] introduced by com.github.spotbugs:[email protected] > org.apache.bcel:[email protected] Upgrade io.sentry:[email protected] to io.sentry:[email protected] to fix Upgrade org.hibernate:[email protected] to org.hibernate:[email protected] to fix Upgrade org.json:json@20230227 to org.json:json@20231013 to fix ✗ Allocation of Resources Without Limits or Throttling (new) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5962464] in org.json:json@20230227 introduced by org.json:json@20230227

sbrunner force-pushed the backport/3083-to-3.30 branch from 866530b to 451782f Compare October 23, 2023 14:47

sbrunner approved these changes Oct 23, 2023

View reviewed changes

sbrunner merged commit 49b78d2 into 3.30 Oct 23, 2023
3 checks passed

sbrunner deleted the backport/3083-to-3.30 branch October 23, 2023 15:09

sbrunner added the security Security fixes label Sep 5, 2024

geo-ghci-int bot added this to the 3.30.7 milestone Sep 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Backport 3.30] Fix CVE #3086

[Backport 3.30] Fix CVE #3086

c2c-bot-gis-ci commented Oct 23, 2023

[Backport 3.30] Fix CVE #3086

[Backport 3.30] Fix CVE #3086

Conversation

c2c-bot-gis-ci commented Oct 23, 2023