
Critical CVE-2024-1597 in dependencies #2216

Open
wyohm opened this issue Jul 12, 2024 · 6 comments

Comments

@wyohm commented Jul 12, 2024

There is a current dependency on postgresql v42.5.1. That version has a critical CVE (CVE-2024-1597). The issue is fixed in patch version 42.5.5 (and in other minor versions).

@davecramer

Where is this a dependency?

@wyohm (Author) commented Jul 22, 2024

In the POM.

@davecramer

It's only used for testing; it is not shipped in the jar.

@wyohm (Author) commented Jul 22, 2024

Ah, yes, I see that. It's listed as a "Vulnerability from dependencies" for HikariCP, but because it's just a test dependency, it doesn't seem to show as a vulnerability for downstream projects.
Can close as far as I'm concerned, or leave open to fix for test dependencies.
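For readers unfamiliar with why a test-scoped dependency does not surface for downstream projects, here is an added illustration of the kind of Maven declaration being discussed. It is not HikariCP's actual pom.xml; the coordinates org.postgresql:postgresql are assumed, and the versions are the ones named in this thread. A dependency declared with `<scope>test</scope>` is on the classpath only while compiling and running tests, is not packaged into the published jar, and is not resolved transitively by projects that depend on the artifact, so a scanner reports it against this project's own build but not against consumers.

```xml
<!-- Added illustration, not the project's real pom.xml.
     Coordinates are assumed; versions are those named in the issue. -->
<project>
  <dependencies>
    <!-- Previously declared as 42.5.1 (affected by CVE-2024-1597);
         bumping to 42.5.5 is the whole of the fix being asked for. -->
    <dependency>
      <groupId>org.postgresql</groupId>
      <artifactId>postgresql</artifactId>
      <version>42.5.5</version>
      <!-- test scope: used by the test suite only, not shipped in the jar
           and not propagated to downstream projects' dependency graphs -->
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>
```

To confirm how a given build resolves it, `mvn dependency:tree` prints each resolved artifact with its scope (for example `org.postgresql:postgresql:jar:42.5.5:test`), which is a quick way to check both the version in use and that it really is test-scoped.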

@davecramer

Well, you can always create a PR.

@Vladimir-Goncharov21

I think I can do it if the PR only requires upgrading the version.

Development

No branches or pull requests

3 participants