Update Junit version to address CVE-2020-15250 #163

Merged 1 commit on Dec 15, 2023

pietrygamat
Collaborator

JUnit 4.12 is flagged as vulnerable to CVE-2020-15250. Although realistically this is not a threat to library users, it's worth updating to avoid being flagged on Maven Central.

pietrygamat added this to the 2.9.6 milestone Dec 15, 2023
pietrygamat merged commit 856430e into master Dec 15, 2023
26 checks passed
pietrygamat deleted the update-junit-CVE-2020-15250 branch December 15, 2023 22:07

tresf commented Dec 15, 2023

Why would maven flag us on a test dependency? Does it actually track to that level?

Collaborator Author

pietrygamat commented Dec 15, 2023

Heh, the beauty of automated security scans :). On the plus side - that's actually not Maven Central's flags, but mvnrepository.com's.

Sonatype's Maven Central scores jssc 9/10 with zero threats - even before the update.
