[CVE][HIGH] CVE-2021-40690 Updating xmlsec library #306

Open: wants to merge 1 commit into base: 7.67.x-blue

LightGuard
Member

Fixes a CVE in xmlsec.

There's a CVE in the version of xmlsec that we use. It was fixed in 2.2.3, but we're also using version 2.2.6 elsewhere in the codebase, so I figured it made sense to use the same version in both places.

Fixes a CVE in xmlsec.

Signed-off-by: Jason Porter <lightguard.jp@gmail.com>

Bumping to same version we have elsewhere

Signed-off-by: Jason Porter <lightguard.jp@gmail.com>
LightGuard added the "dependencies" label (Pull requests that update a dependency file) Jan 23, 2025
LightGuard requested a review from baldimir Jan 23, 2025
@LightGuard
Member Author

LightGuard commented Jan 23, 2025

  [INFO] -------------------------------------------------------------
  Error:  COMPILATION ERROR : 
  [INFO] -------------------------------------------------------------
  Error:  /home/runner/work/jbpm-work-items/jbpm-work-items/kiegroup_drools/kie-dmn/kie-dmn-feel-gwt/src/main/java/org/kie/dmn/feel/entrypoint/FEELEntryPoint.java:[19,48] cannot access org.jresearch.threetenbp.gwt.time.client.Support
    bad class file: /home/runner/.m2/repository/org/jresearch/gwt/time/org.jresearch.gwt.time/2.0.11/org.jresearch.gwt.time-2.0.11.jar(org/jresearch/threetenbp/gwt/time/client/Support.class)
      class file has wrong version 55.0, should be 52.0
      Please remove or make sure it appears in the correct subdirectory of the classpath.

This doesn't seem like it has anything to do with this PR.

@LightGuard
Member Author

jenkins do fdb

LightGuard changed the title from "[NO-ISSUE] Updating xmlsec library" to "[CVE][HIGH] CVE-2021-40690 Updating xmlsec library" Jan 28, 2025
@baldimir
Member

jenkins run cdb

@baldimir
Member

jenkins run fdb

@LightGuard
Member Author

Bad classfile on a GWT class. Is this happening in other PRs?

@LightGuard
Member Author

Are we trying to get full green builds here?
