Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: exclude unused vulnerable transitive dep bcprov-jdk15on #628

Merged
merged 1 commit into from
Nov 21, 2023
Merged

fix: exclude unused vulnerable transitive dep bcprov-jdk15on #628

merged 1 commit into from
Nov 21, 2023

Conversation

peterhaochen47
Copy link
Member

@peterhaochen47 peterhaochen47 commented Nov 20, 2023
edited
Loading

@peterhaochen47
fix: exclude unused vulnerable transitive dep bcprov-jdk15on
1c501c0 
- bcprov-jdk15on is a transitive dep we get from using
  spring-security-oauth2-autoconfigure, which is an EOL lib (and hence
  does not have further patches) we will replace.
- The bcprov-jdk15on version here is flagged with
  CVE-2020-0187 and CVE-2023-33201.
- Exclude bcprov-jdk15on to address these CVEs.
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.

The labels on this github issue will be updated when the story is started.

@peterhaochen47 peterhaochen47 merged commit 31387f9 into main Nov 21, 2023
1 check passed
@peterhaochen47 peterhaochen47 deleted the pr/main/exclude-bcprov-jdk15on branch November 21, 2023 02:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hsinn0 hsinn0 hsinn0 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Foundational Infrastructure Working Group
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@peterhaochen47 @cf-gitbot @hsinn0