Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix veracode security CVE-2023-6378 #80

Merged
merged 1 commit into from
Dec 4, 2023
Merged

Fix veracode security CVE-2023-6378 #80

merged 1 commit into from
Dec 4, 2023

Conversation

amoldashwant
Copy link
Contributor

@amoldashwant amoldashwant commented Dec 1, 2023
edited
Loading

Description

  • Fixed veracode security CVE-2023-6378(logback-classic Denial Of Service): Excluded logback-classic and logback-core old versions and added newer version

Pre-review checks

Please ensure to do as many of the following checks as possible, before asking for committer review:

@adityagajbhiye9 adityagajbhiye9 requested review from sachinargade123, dvasunin and almadigabor and removed request for dvasunin December 1, 2023 10:11
sachinargade123
sachinargade123 approved these changes Dec 1, 2023
View reviewed changes
Copy link
Contributor

@sachinargade123 sachinargade123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

dvasunin
dvasunin reviewed Dec 1, 2023
View reviewed changes
pom.xml
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You probably shall exclude logback-classic from spring-boot-starter-logging artifact?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's excluded from spring-boot-starter-logging from web-starter.
Screenshot 2023-12-04 at 2 11 51 PM

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As I see, spring-boot-starter-logging is a transitive dependency for web-starter, so I approve

dvasunin
dvasunin approved these changes Dec 4, 2023
View reviewed changes
Copy link
Contributor

@dvasunin dvasunin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

spring-boot-starter-logging is a transitive dependency for web-starter, so I approve

almadigabor
almadigabor approved these changes Dec 4, 2023
View reviewed changes
Copy link
Contributor

@almadigabor almadigabor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@almadigabor almadigabor merged commit f79073a into eclipse-tractusx:main Dec 4, 2023
3 checks passed
@almadigabor almadigabor deleted the veracode_security_fix_23-6378 branch December 4, 2023 08:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sachinargade123 sachinargade123 sachinargade123 approved these changes

@almadigabor almadigabor almadigabor approved these changes

@dvasunin dvasunin dvasunin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@amoldashwant @dvasunin @almadigabor @sachinargade123