-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix for CVE-2976 + add CVE checker #624
Conversation
Signed-off-by: Omar Khasawneh <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's add this to CHANGELOG, e.g. "Fix: CVE-..."
Signed-off-by: Omar Khasawneh <[email protected]>
Thanks dblock, I just updated changelog. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you @okhasawn!
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-624-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 d09bb4eea03b4dd71232c84df8e7ffaa448b8faf
# Push it to GitHub
git push --set-upstream origin backport/backport-624-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/backport-2.x Then, create a pull request where the |
* Fix for CVE-2976 + add CVE checker Signed-off-by: Omar Khasawneh <[email protected]> * Updated Changelog Signed-off-by: Omar Khasawneh <[email protected]> --------- Signed-off-by: Omar Khasawneh <[email protected]> (cherry picked from commit d09bb4e)
* Fix for CVE-2976 + add CVE checker Signed-off-by: Omar Khasawneh <[email protected]> * Updated Changelog Signed-off-by: Omar Khasawneh <[email protected]> --------- Signed-off-by: Omar Khasawneh <[email protected]> (cherry picked from commit d09bb4e) Co-authored-by: Omar Khasawneh <[email protected]>
Description
This PR will fix the remaining base branch CVE which requires an update to
checkstyle
's version, and also add a plugin that can be ran using this command:./gradlew java-client:dependencyCheckAnalyze
This plugin checks all dependencies in Gradle and will let you know of any CVE's that exist.
An example run before the fix:
After the fix:
Issues Resolved
CVE-2976
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.