Skip to content

Fixed vulnerability CVE-2020-25649, CVE-2020-15522, CVE-2020-9488 and CVE-2019-17571 #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Aug 13, 2021
Merged

Fixed vulnerability CVE-2020-25649, CVE-2020-15522, CVE-2020-9488 and CVE-2019-17571 #36

merged 13 commits into from
Aug 13, 2021

Conversation

blasttoys
Copy link
Contributor

@blasttoys blasttoys commented Aug 13, 2021
edited
Loading

Description

  • Fixed vulnerability CVE-2020-25649, CVE-2020-15522, CVE-2020-9488 and CVE-2019-17571
  • Update dependency library for bouncycastle to version 1.69
  • Update dependency library for jackson-databind to version 2.10.5.1
  • Remove dependency library for slf4j, updated to log4j version 2.14.1 for logging
  • Update README.md, LICENSE

Fixes # (issue number)

Fixed vulnerability CVE-2020-25649, CVE-2020-15522, CVE-2020-9488 and CVE-2019-17571

Type of change

Please delete options that are not relevant.

  • This change requires a documentation update
  • Security patch

How Has This Been Tested?

Please describe or list the test cases that you ran to verify your changes, and provide instructions so we can reproduce.

Ran maven build option, maven test
Ran gradle build option, gradle test

robincher and others added 13 commits September 10, 2020 14:21
@robincher
Merge pull request GovTechSG#30 from GovTechSG/development
a50c5e3 
Update license year
@dependabot
Bump junit from 4.12 to 4.13.1
4ebac20 
Bumps [junit](https://github.com/junit-team/junit4) from 4.12 to 4.13.1.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.12.md)
- [Commits](junit-team/junit4@r4.12...r4.13.1)

Signed-off-by: dependabot[bot] <support@github.com>
@robincher
Merge pull request GovTechSG#31 from GovTechSG/dependabot/maven/junit…
d827add 
…-junit-4.13.1

Bump junit from 4.12 to 4.13.1
@snyk-bot
fix: pom.xml to reduce vulnerabilities
ef1ac26 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-1035561
@robincher
Merge pull request GovTechSG#33 from GovTechSG/snyk-fix-0586b302ee5a6…
3bdc4e2 
…8767a8fde029106b453

[Snyk] Security upgrade org.bouncycastle:bcpkix-jdk15on from 1.60 to 1.61
fix vulnerability CVE-2020-25649, CVE-2020-15522, CVE-2020-9488 and C…
1fb43a1 
…VE-2019-17571
fix log4j exploit
592a16e
logger2 properties
cdea156
update changelog
7327274
clean up
e9e7748
clean up README.md
02e9f7a
@blasttoys
remove log4j.properties
14e4400
@blasttoys
Update references link
b19caa6
@blasttoys
Copy link
Contributor Author

All check passed

@GTYeokh GTYeokh merged commit 07e674a into GovTechSG:development Aug 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GTYeokh GTYeokh GTYeokh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@blasttoys @GTYeokh @robincher @snyk-bot