Posted to commits@struts.apache.org by lu...@apache.org on 2020/06/08 06:54:43 UTC

[struts-examples] branch master updated (621a8db -> 24f12e0)

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git.


    from 621a8db  Upgrades Log4j to version 2.13.3
     new 86d3d9b  Suppresses outdated dependencies
     new 24f12e0  Upgrades to latest versions

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 shiro-basic/pom.xml             |  2 +-
 src/etc/project-suppression.xml | 45 +++++++++++++++++++++++++++++++++++++++++
 text-provider/pom.xml           |  1 -
 3 files changed, 46 insertions(+), 2 deletions(-)


[struts-examples] 02/02: Upgrades to latest versions

Posted by lu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git

commit 24f12e0c2faa3554328f4e03c0cbdbb6780518e0
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Mon Jun 8 08:54:36 2020 +0200

    Upgrades to latest versions
---
 shiro-basic/pom.xml   | 2 +-
 text-provider/pom.xml | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/shiro-basic/pom.xml b/shiro-basic/pom.xml
index 97c7c6e..e3f3bd0 100644
--- a/shiro-basic/pom.xml
+++ b/shiro-basic/pom.xml
@@ -13,7 +13,7 @@
     <packaging>war</packaging>
         
     <properties>
-        <shiro.version>1.3.2</shiro.version>
+        <shiro.version>1.5.3</shiro.version>
     </properties>
 
     <dependencies>
diff --git a/text-provider/pom.xml b/text-provider/pom.xml
index c7d3a40..1907b6e 100644
--- a/text-provider/pom.xml
+++ b/text-provider/pom.xml
@@ -26,7 +26,6 @@
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-core</artifactId>
-      <version>2.7</version>
     </dependency>
   </dependencies>
 


[struts-examples] 01/02: Suppresses outdated dependencies

Posted by lu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git

commit 86d3d9b950f1b80b5f61d0f5917ee04f431640c9
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Mon Jun 8 08:54:26 2020 +0200

    Suppresses outdated dependencies
---
 src/etc/project-suppression.xml | 45 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
index c3016de..6190d0e 100644
--- a/src/etc/project-suppression.xml
+++ b/src/etc/project-suppression.xml
@@ -148,4 +148,49 @@
         <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
         <vulnerabilityName>Possible XML Injection</vulnerabilityName>
     </suppress>
+    <suppress>
+        <notes><![CDATA[file name: dwr-1.1.1.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/uk\.ltd\.getahead/dwr@.*$</packageUrl>
+        <cpe>cpe:/a:getahead:direct_web_remoting</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-collections-3.2.1.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/commons\-collections/commons\-collections@.*$</packageUrl>
+        <cpe>cpe:/a:apache:commons_collections</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-collections-3.2.1.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/commons\-collections/commons\-collections@.*$</packageUrl>
+        <vulnerabilityName>CVE-2015-6420</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-collections-3.2.1.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/commons\-collections/commons\-collections@.*$</packageUrl>
+        <vulnerabilityName>CVE-2017-15708</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-collections-3.2.1.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/commons\-collections/commons\-collections@.*$</packageUrl>
+        <vulnerabilityName>Remote code execution</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-beanutils-1.7.0.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/commons\-beanutils/commons\-beanutils@.*$</packageUrl>
+        <cpe>cpe:/a:apache:commons_beanutils</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-beanutils-1.7.0.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/commons\-beanutils/commons\-beanutils@.*$</packageUrl>
+        <vulnerabilityName>CVE-2014-0114</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-beanutils-1.7.0.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/commons\-beanutils/commons\-beanutils@.*$</packageUrl>
+        <vulnerabilityName>CVE-2019-10086</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: dom4j-1.1.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/dom4j/dom4j@.*$</packageUrl>
+        <cpe>cpe:/a:dom4j_project:dom4j</cpe>
+    </suppress>
 </suppressions>
\ No newline at end of file
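Review bot: The nine added `<suppress>` entries match every version of the artifact (`@.*$`) although each `<notes>` names a single jar, and the four `<cpe>` entries (dwr, commons-collections, commons-beanutils, dom4j) silence every present and future CVE attributed to that CPE rather than a reviewed list. The commit title calls these outdated dependencies rather than false positives, so the hidden findings (for example CVE-2015-6420 and CVE-2014-0114) are presumably real for the example apps that ship these jars. I would pin each pattern to the version in its note, e.g. `^pkg:maven/commons\-collections/commons\-collections@3\.2\.1$`, give each entry an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) so it comes up for re-review, and state in `<notes>` why the risk is accepted. The hunk starts inside the existing `<suppressions>` list, so earlier entries are not visible here.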