[security] Fix security issues in dependencies #574

Merged
merged 1 commit into from
May 9, 2017


donatello
Member

SourceClear tool reported vulnerabilities in dependencies used by
minio-java. This patch updates the vulnerable libraries to their
latest versions.

Vulnerabilities found via the tool:

FasterXML/jackson-databind#1599 (RCE)
https://github.com/square/okhttp/blob/master/CHANGELOG.md#version-273 (Certificate Pinning Bypass)
https://issues.jboss.org/browse/JBEAP-6316?_sscc=t (DOS)

@deekoder deekoder merged commit 402c49a into minio:master May 9, 2017
@balamurugana
Member

@donatello

SourceClear tool reported vulnerabilities in dependencies used by minio-java. This patch updates the vulnerable libraries to their latest versions.

How did you run this tool? Can this be added into build.gradle for every build?

@donatello donatello deleted the security-fixes branch May 10, 2017 01:20
@donatello
Member Author

@balamurugana I was running it on my machine to evaluate it. It is not a free tool and I was running it in trial mode. A decision about purchasing it needs to be made before we can add it to our build process.
