Skip to content

Patch for CVE-2019-12814 #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jul 25, 2019
Merged

Patch for CVE-2019-12814 #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dab79ff
Set testing env to use Ubuntu trusty
robincher Jul 25, 2019
d089ec7
Patch for CVE-2019-12814 and update Changelog
robincher Jul 25, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ language: java
jdk:
- oraclejdk8

dist: trusty

env:
- GRADLE_OPTS="-Dfile.encoding=utf-8"

Expand Down
81 changes: 51 additions & 30 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,33 +1,54 @@
# Change Log

## Added
### V1.0-SNAPSHOT
+ Initial release with HMAC256 and RSA256 signing utility
### V1.0.1-SNAPSHOT
+ Enhancement for Issue #1 - ApiList sorting is not based on key first then value
### V1.1.0-SNAPSHOT
+ Minor refactoring
+ Update interface name so as be intuitive
+ Update corresponding test cases
+ Include Issue/PR templates
+ Include Contribution template
### V1.1.1-SNAPSHOT
+ Minor refactoring
+ Update documentation
+ Update templates
### V1.1.2-SNAPSHOT
+ Minor refactoring
+ Update documentation
### V1.2.0-SNAPSHOT
+ Bug fixes for null value checking
+ Update basestring method to suppport use-case where value of queryparam or form value is empty
+ Update nonce method to generate base64 encoded string value of 32 bytes characters
### V1.3.0-SNAPSHOT
+ Update test-suites framework to cover more use-case scenarios
+ Add Utility to read from PKI Key with PEM format
+ Update README documentation
### V1.3.1-SNAPSHOT
+ Update dependency library for jackson-databind to version 2.9.8
+ Update mvn command to pull centralised unit-test cases from github repository
### V1.3.3-SNAPSHOT

- Set TravisCI build dist to Trusty
- Fixed vulnerablity CVE-2019-12814

### V1.3.2-SNAPSHOT
+ Update ApiSigning class to support non-standard http port

- Update ApiSigning class to support non-standard http port

### V1.3.1-SNAPSHOT

- Update dependency library for jackson-databind to version 2.9.8
- Update mvn command to pull centralised unit-test cases from github repository

### V1.3.0-SNAPSHOT

- Update test-suites framework to cover more use-case scenarios
- Add Utility to read from PKI Key with PEM format
- Update README documentation

### V1.2.0-SNAPSHOT

- Bug fixes for null value checking
- Update basestring method to suppport use-case where value of queryparam or form value is empty
- Update nonce method to generate base64 encoded string value of 32 bytes characters

### V1.1.2-SNAPSHOT

- Minor refactoring
- Update documentation

### V1.1.1-SNAPSHOT

- Minor refactoring
- Update documentation
- Update templates

### V1.1.0-SNAPSHOT

- Minor refactoring
- Update interface name so as be intuitive
- Update corresponding test cases
- Include Issue/PR templates
- Include Contribution template

### V1.0.1-SNAPSHOT

- Enhancement for Issue #1 - ApiList sorting is not based on key first then value

### V1.0-SNAPSHOT

- Initial release with HMAC256 and RSA256 signing utility
4 changes: 2 additions & 2 deletions build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ plugins {
id 'com.github.kt3k.coveralls' version '2.6.3'
}

version '1.3.2-SNAPSHOT'
version '1.3.3-SNAPSHOT'

tasks.withType(JavaCompile) {
options.encoding = "UTF-8"
Expand All @@ -18,7 +18,7 @@ dependencies {
//compile group: 'org.apache.commons', name: 'commons-collections4', version: '4.1'
compile group: 'commons-lang', name: 'commons-lang', version: '2.4'
compile group: 'org.slf4j', name: 'slf4j-api', version: '1.7.25'
compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.9.8'
compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.9.9.1'
compile group: 'com.googlecode.json-simple', name: 'json-simple', version: '1.1.1'
compile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.60'
testCompile group: 'org.slf4j', name: 'slf4j-log4j12', version: '1.7.25'
Expand Down
4 changes: 2 additions & 2 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.api.util</groupId>
<artifactId>ApiSecurity</artifactId>
<version>1.3.2-SNAPSHOT</version>
<version>1.3.3-SNAPSHOT</version>
<build>
<plugins>
<plugin>
Expand Down Expand Up @@ -90,7 +90,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.9</version>
<version>2.9.9.1</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
Expand Down