fix(dependencies): update resteasy to remove CVE
An old version of resteasy is resolved transitively through org.pacesys:openstack4j in front50-swift. Updating this removes CVE-2020-1695.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1695

At Armory, we have been running this config for over a year, so this is a pretty safe change. We are just moving our own overrides to open source to fix CVEs for everyone.
|    |    |    \--- org.pacesys:openstack4j:3.2.0
|    |    |         +--- org.pacesys.openstack4j.connectors:openstack4j-resteasy:3.2.0
|    |    |         |    +--- org.jboss.resteasy:resteasy-client:3.1.4.Final
|    |    |         |    |    +--- org.jboss.resteasy:resteasy-jaxrs:3.1.4.Final -> 3.12.1.Final
claymccoy committed Apr 21, 2022
1 parent 761e721 commit 732a2dc
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions front50-swift/front50-swift.gradle
Expand Up @@ -28,6 +28,7 @@ dependencies {
implementation "io.spinnaker.kork:kork-core"
implementation "org.springframework:spring-web"
implementation 'org.pacesys:openstack4j:3.2.0'
implementation 'org.jboss.resteasy:resteasy-jaxrs:3.12.1.Final'

testImplementation project(":front50-test")
}
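
Review bot: The added line `implementation 'org.jboss.resteasy:resteasy-jaxrs:3.12.1.Final'` overrides a transitive version by declaring it as a direct dependency, and nothing in the build file says why, so a later cleanup could drop it as unused and bring 3.1.4.Final back. Put a comment above it naming CVE-2020-1695 and the `org.pacesys:openstack4j` path, or express the pin as a Gradle dependency constraint with a `because` reason so it only takes effect while openstack4j still pulls resteasy in. The dependency tree in the commit message also shows `resteasy-client` staying at 3.1.4.Final while `resteasy-jaxrs` resolves to 3.12.1.Final; confirm that mixed pair is intended, or align both artifacts to the same release.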
