
build(version-upgrade): update jococo from 0.8.8 to 0.8.10 #52

Merged: 1 commit merged into main from 51-address-codehaus-vulnerability on Oct 5, 2023

Conversation

sufyankhanrao (Collaborator)

What

This PR addresses the vulnerability in codehaus, which is a transitive dependency through jococo. Upgraded the jococo version from 0.8.8 to 0.8.10. The vulnerability in codehaus states that the text contained in the command string could be interpreted as XML and allow for XML injection.

Why

To address this vulnerability

closes #51

Type of change

Select multiple if applicable.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause a breaking change)
  • Tests (adds or updates tests)
  • Documentation (adds or updates documentation)
  • Refactor (style improvements, performance improvements, code refactoring)
  • Revert (reverts a commit)
  • CI/Build (adds or updates a script, change in external dependencies)

Dependency Change

If a new dependency is being added, please ensure that it adheres to the following guideline https://github.com/apimatic/apimatic-codegen/wiki/Policy-of-adding-new-dependencies-in-the-core-libraries

Breaking change

If the PR is introducing a breaking change, please ensure that it adheres to the following guideline https://github.com/apimatic/apimatic-codegen/wiki/Guidelines-for-maintaining-core-libraries

Testing

List the steps that were taken to test the changes

Checklist

  • My code follows the coding conventions
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added new unit tests

This commit addresses the vulnerability of codehaus which is a transitive dependency through jococo. The vulnerability in codehaus states that the text contained in the command string could be interpreted as XML and allow for XML injection.

closes #51
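To make the "text interpreted as XML" failure mode described above concrete, here is an added illustration (not code from this PR, jococo or codehaus): a hypothetical builder that concatenates a command string into an XML document, next to a hardened version that escapes the text first, with a parser showing what each one yields. The element names and the sample command string are constructed for the demo.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape


def build_command_xml_unsafe(command_text: str) -> str:
    """Vulnerable pattern: raw text is concatenated into XML markup,
    so any '<' or '&' in the text is parsed as markup, not as text."""
    return "<command><text>" + command_text + "</text></command>"


def build_command_xml_safe(command_text: str) -> str:
    """Hardened pattern: escape '<', '>' and '&' so the parser
    always sees the command string as character data."""
    return "<command><text>" + escape(command_text) + "</text></command>"


def child_tags(xml_doc: str) -> list[str]:
    """Return the element names the parser finds beneath the root
    (hypothetical <command> root used for this demo)."""
    root = ET.fromstring(xml_doc)
    return [node.tag for node in root.iter() if node is not root]


def first_text(xml_doc: str) -> str:
    """Return the character data of the first <text> element."""
    return ET.fromstring(xml_doc).find("text").text or ""


# Constructed sample: a command string that happens to contain markup.
CONSTRUCTED_INPUT = "ls</text><option>--force</option><text>"


def compare() -> tuple[list[str], list[str]]:
    """Elements seen by the parser for the unsafe and the escaped document."""
    unsafe = child_tags(build_command_xml_unsafe(CONSTRUCTED_INPUT))
    safe = child_tags(build_command_xml_safe(CONSTRUCTED_INPUT))
    return unsafe, safe


if __name__ == "__main__":
    print(compare())
```

The unescaped document gains an extra `<option>` element the caller never intended, while the escaped one keeps the whole string as the text of a single element.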
@sufyankhanrao sufyankhanrao added the vulnerability fix This is used whenever any vulnerability is addressed in the library. label Oct 5, 2023
@sufyankhanrao sufyankhanrao self-assigned this Oct 5, 2023
@sufyankhanrao sufyankhanrao merged commit 2324626 into main Oct 5, 2023
7 checks passed
@sufyankhanrao sufyankhanrao deleted the 51-address-codehaus-vulnerability branch October 5, 2023 12:35
Linked issue (closed by this pull request): #51 Address Jococo vulnerability by upgrading from 0.8.8 to 0.8.10