Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade json-smart to Address CVE-2023-1370 in Main Standalone Jar #15750

Closed
mn-mikke opened this issue Sep 12, 2023 · 1 comment · Fixed by #15751 or #15763
Closed

Upgrade json-smart to Address CVE-2023-1370 in Main Standalone Jar #15750

mn-mikke opened this issue Sep 12, 2023 · 1 comment · Fixed by #15751 or #15763
Assignees
@mn-mikke
Labels
Security Vulnerability
Milestone
3.44.0.1

Comments

@mn-mikke
Copy link
Collaborator

No description provided.

@mn-mikke mn-mikke added this to the 3.44.0.1 milestone Sep 12, 2023
@mn-mikke mn-mikke self-assigned this Sep 12, 2023
mn-mikke added a commit that referenced this issue Sep 12, 2023
@mn-mikke
[GH-15750] Upgrade json-smart to Address CVE-2023-1370 in Main Standa…
45b6e22 
…lone Jar
@mn-mikke mn-mikke mentioned this issue Sep 12, 2023
Merged
mn-mikke added a commit that referenced this issue Sep 13, 2023
@mn-mikke
Merge branch 'master' into mn/GH-15750
606daab
mn-mikke added a commit that referenced this issue Sep 13, 2023
@mn-mikke
Merge pull request #15751 from h2oai/mn/GH-15750
0ccb135 
[GH-15750] Upgrade json-smart to Address CVE-2023-1370 in Main Standalone Jar
@mn-mikke
Copy link
Collaborator Author

The Prisma scan still reports the version 2.4.7. It looks nimbus-jose-jwt relocates the package and the version is still captured in META-INF/maven.

@mn-mikke mn-mikke reopened this Sep 15, 2023
mn-mikke added a commit that referenced this issue Sep 15, 2023
@mn-mikke
[GH-15750][FOLLOWUP] Upgrade nimbus-jose-jwt to get rid of json-smart…
a2ff3af 
… lib
@mn-mikke mn-mikke mentioned this issue Sep 15, 2023
Merged
mn-mikke added a commit that referenced this issue Sep 15, 2023
@mn-mikke
Merge branch 'master' into mn/GH-15750-followup
f6c3049
mn-mikke added a commit that referenced this issue Sep 18, 2023
@mn-mikke
Merge pull request #15763 from h2oai/mn/GH-15750-followup
fbf3a90 
[GH-15750][FOLLOWUP] Upgrade nimbus-jose-jwt to get rid of json-smart lib
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mn-mikke mn-mikke

Labels
Security Vulnerability
Projects
None yet
Milestone
3.44.0.1
2 participants
@mn-mikke @valenad1