You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by "coheigea (via GitHub)" <gi...@apache.org> on 2023/07/19 09:59:28 UTC

[GitHub] [camel] coheigea opened a new pull request, #10722: Upgrade batik version to 1.16 (#9718)

coheigea opened a new pull request, #10722:
URL: https://github.com/apache/camel/pull/10722

   # Description
   
   Backporting upgrade from main to fix:
   
   org.apache.xmlgraphics:batik-bridge (batik-bridge-1.15.jar)  │ CVE-2022-41704 │          │ 1.15              │ 1.16                           │ Apache XML Graphics Batik vulnerable to code execution via  │
   │                                                              │                │          │                   │                                │ SVG                                                         │
   │                                                              │                │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-41704                  │
   ├──────────────────────────────────────────────────────────────┤                │          │                   │                                │                                                             │
   │ org.apache.xmlgraphics:batik-dom (batik-dom-1.15.jar)        │                │          │                   │                                │                                                             │
   │                                                              │                │          │                   │                                │                                                             │
   │                                                              │                │          │                   │                                │                                                             │
   │                                                              ├────────────────┤          │                   │                                ├─────────────────────────────────────────────────────────────┤
   │                                                              │ CVE-2022-42890 │          │                   │                                │ Untrusted code execution in Apache XML Graphics Batik       │
   │                                                              │                │          │                   │                                │ https://avd.aquasec.com/nvd/cve-2022-42890                  │
   ├──────────────────────────────────────────────────────────────┤                │          │                   │                                │                                                             │
   │ org.apache.xmlgraphics:batik-script (batik-script-1.15.jar)  │                │          │                   │                                │                                                             │
   │                                                              │                │          │                   │                                │                                                             │
   
   I also intend to open PRs against 3.21.x + 3.20.x


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [camel] coheigea merged pull request #10722: Upgrade batik version to 1.16 (#9718)

Posted by "coheigea (via GitHub)" <gi...@apache.org>.
coheigea merged PR #10722:
URL: https://github.com/apache/camel/pull/10722


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [camel] github-actions[bot] commented on pull request #10722: Upgrade batik version to 1.16 (#9718)

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #10722:
URL: https://github.com/apache/camel/pull/10722#issuecomment-1641869203

   :no_entry_sign: There are (likely) no changes in core core to be tested in this PR


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [camel] github-actions[bot] commented on pull request #10722: Upgrade batik version to 1.16 (#9718)

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #10722:
URL: https://github.com/apache/camel/pull/10722#issuecomment-1641869179

   :no_entry_sign: There are (likely) no components to be tested in this PR


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org