[BUG] repository-s3 Plugin sonatype-2022-6438 #17044

Open
apsivam opened this issue Jan 16, 2025 · 0 comments
Labels
bug Something isn't working Build Build Tasks/Gradle Plugin, groovy scripts, build tools, Javadoc enforcement. untriaged


apsivam commented Jan 16, 2025

Describe the bug

The repository-s3 plugin has an external dependency, third-party-jackson-core, that has a Sonatype vulnerability (sonatype-2022-6438). This got fixed in version 2.15 and got integrated into AWS JDK version 2.20.140.

OpenSearch is still (as of version 3) being built using AWS JDK version 2.20.86, which is causing the vulnerability to be flagged by Sonatype.

Related component

Build

To Reproduce

N/A

Expected behavior

N/A

Additional Details

Plugins
standard + repository-s3.

@apsivam apsivam added bug Something isn't working untriaged labels Jan 16, 2025
@github-actions github-actions bot added the Build Build Tasks/Gradle Plugin, groovy scripts, build tools, Javadoc enforcement. label Jan 16, 2025