Update Apache commons-text #4233

Closed
barthanssens opened this issue Oct 13, 2022 · 2 comments · Fixed by #4234

@barthanssens
Contributor

Current Behavior

RDF4J currently uses Apache Commons Text 1.9, which is affected by CVE-2022-42889.
Probably it is not a real issue for RDF4J.

Expected Behavior

Upgrade to v1.10.0 just to be sure

Steps To Reproduce

No response

Version

4.2.0

Are you interested in contributing a solution yourself?

Yes

Anything else?

No response

barthanssens added the 🐞 bug (issue is a bug), security, and dependencies (Pull requests that update a dependency file) labels Oct 13, 2022
barthanssens self-assigned this Oct 13, 2022
barthanssens added this to the 4.2.1 milestone Oct 13, 2022
barthanssens added the ✋ CQ-Pending (requires a CQ to be approved) label Oct 13, 2022
@barthanssens
Contributor Author

Probably need to look into the new way of filing CQs (https://github.com/eclipse/dash-licenses)

barthanssens added a commit to Fedict/rdf4j that referenced this issue Oct 13, 2022
barthanssens removed the ✋ CQ-Pending (requires a CQ to be approved) label Oct 14, 2022
@barthanssens
Contributor Author

barthanssens commented Oct 14, 2022

Followed the new IP procedure using the Eclipse Dash Licenses tool (https://github.com/eclipse/dash-licenses), seems ok

[main] INFO Querying Eclipse Foundation for license data for 1 items.
[main] INFO Found 0 items.
[main] INFO Querying ClearlyDefined for license data for 1 items.
[main] INFO Found 1 items.
[main] INFO Vetted license information was found for all content. No further investigation is required.

barthanssens added a commit that referenced this issue Oct 14, 2022