You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@brooklyn.apache.org by GitBox <gi...@apache.org> on 2021/08/29 18:35:58 UTC

[GitHub] [brooklyn-server] jcabrerizo opened a new pull request #1237: Bump xstream to 1.4.18 due to high level vulnerabilities

jcabrerizo opened a new pull request #1237:
URL: https://github.com/apache/brooklyn-server/pull/1237


   Snyk detected the next vulnerabilities on prev version:
   ```
     ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Remote Code Execution (RCE) [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Server-Side Request Forgery (SSRF) [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190] in com.thoughtworks.xstream:xstream@1.4.17
     ✗ Server-Side Request Forgery (SSRF) [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191] in com.thoughtworks.xstream:xstream@1.4.17
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@brooklyn.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [brooklyn-server] asfgit closed pull request #1237: Bump xstream to 1.4.18 due to high level vulnerabilities

Posted by GitBox <gi...@apache.org>.

asfgit closed pull request #1237:
URL: https://github.com/apache/brooklyn-server/pull/1237


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@brooklyn.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [brooklyn-server] ahgittin commented on pull request #1237: Bump xstream to 1.4.18 due to high level vulnerabilities

Posted by GitBox <gi...@apache.org>.

ahgittin commented on pull request #1237:
URL: https://github.com/apache/brooklyn-server/pull/1237#issuecomment-908280636


   looks good; not sure of all the implications but will find out quickly if it doesn't work well enough, which I think is unlikely.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@brooklyn.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [brooklyn-server] iuliana commented on pull request #1237: Bump xstream to 1.4.18 due to high level vulnerabilities

Posted by GitBox <gi...@apache.org>.

iuliana commented on pull request #1237:
URL: https://github.com/apache/brooklyn-server/pull/1237#issuecomment-908292897


   That is what I was afraid too, @ahgittin . There are always some dependencies that will cause us headaches. And the brooklyn build crashed...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@brooklyn.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org