·
14 commits
to refs/heads/master
since this release
🔒 Security
When using the bundled WireMock JAR in environments with potential unprivileged access to other services, the library is potentially vulnerable to the following issues:
- CVE-2023-41327 - Controlled SSRF through URL in the WireMock Webhooks Extension and WireMock Studio
- Overall CVSS Score: 4.3 (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C)
- CVE-2023-41329 - Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
- Overall CVSS Score: 3.6 (AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C)
📦 Dependency updates
- Update the bundled WireMock version from 2.35.0 to 2.35.1 (#92) @oleg-nenashev
📝 Documentation updates
- Fix broken links in documentation (#88) @datadeverik
- Move the contributing guide to the documentation and publish it on the site (#85) @oleg-nenashev
- Restructure examples and add the examples to the website (#84) @oleg-nenashev
- Add a new Quick Start example (#84) @oleg-nenashev
👻 Maintenance
- Pin Poetry in the Pipelines (#92) @oleg-nenashev
Contributors
oleg-nenashev and erikkristoferanderson