Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2018-10237 in kogito-runtimes #292

Closed
baldimir opened this issue May 30, 2023 · 2 comments
Closed

Fix CVE-2018-10237 in kogito-runtimes #292

baldimir opened this issue May 30, 2023 · 2 comments
Assignees
@baldimir
Labels
area:cicd Related to pipelines, automation. Community GitHub Actions or internal area:dependencies Dependency upgrade/update/migration area:engine Related to the runtime engines type:bug Something is behaving unexpectedly

Comments

@baldimir
Copy link

Issue: GHSA-mvr2-9pj6-7w5j

Old Guava version is brought in by https://github.com/kiegroup/kogito-runtimes/blob/4cbceded6c9b5bef4313b50bdcb1f076b9ee620e/kogito-maven-plugin/pom.xml#L181. I will try to update it to the newest version.

Acceptance criteria:

  • kogito-runtimes contain Guava version with the fixes.
@baldimir baldimir converted this from a draft issue May 30, 2023
@baldimir baldimir added area:dependencies Dependency upgrade/update/migration area:engine Related to the runtime engines labels May 30, 2023
@baldimir baldimir self-assigned this May 30, 2023
@baldimir baldimir added the type:bug Something is behaving unexpectedly label May 30, 2023
@baldimir baldimir mentioned this issue May 30, 2023
Merged
@baldimir
Copy link
Author

PR https://github.com/kiegroup/kogito-runtimes/pull/3022

@baldimir baldimir moved this from In Progress 🔧 (1 per person) to In Review 🔁 (1 per person) in IBM and KIE Community Project - Archived! May 30, 2023
@baldimir baldimir added the area:cicd Related to pipelines, automation. Community GitHub Actions or internal label Jun 1, 2023
@baldimir
Copy link
Author

baldimir commented Jun 2, 2023

PR merged, closing this.

@baldimir baldimir closed this as completed Jun 2, 2023
@github-project-automation github-project-automation bot moved this from In Review 🔁 (1 per person) to Done 🎉 in IBM and KIE Community Project - Archived! Jun 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@baldimir baldimir

Labels
area:cicd Related to pipelines, automation. Community GitHub Actions or internal area:dependencies Dependency upgrade/update/migration area:engine Related to the runtime engines type:bug Something is behaving unexpectedly
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@baldimir