[EPIC]: Review security-related PRs created by Dependabot #28388
Closed · 10 tasks done
jcastro-dotcms opened this issue on Apr 30, 2024 · 0 comments · Fixed by #28445, #25873, #25449 or #29006
Comments
fmontes changed the title from "[Security] : Review security-related PRs created by Dependabot" to "[EPIC]: Review security-related PRs created by Dependabot" on May 2, 2024
jcastro-dotcms added a commit that referenced this issue on May 6, 2024
This was linked to pull requests on May 6, 2024
jcastro-dotcms added a commit that referenced this issue on Jun 25, 2024
github-merge-queue bot pushed a commit that referenced this issue on Jun 26, 2024

…29006)

### Proposed Changes

* Removes the use of the JDOM library altogether.
* The classes using the JDOM library living under the `dotCMS/src/main/java/org/apache/velocity/anakia/` and `dotcms-integration/src/test/java/com/ettrema/` packages were removed altogether as well.
* As per Steve Bolton's suggestion, we're now using the JAXB library to handle XML data representing Portlets in dotCMS. This includes both the Portlets defined in the `/WEB-INF/portlet.xml` and `/WEB-INF/portlet-ext.xml` files, and the database.
* Additional Javadoc and code refactoring was done.
* The `dotcms-postman/src/main/resources/postman/PortletResource.json` Postman suite was refactored to use JWT, organized into folders, and reviewed to make sure that the REST Endpoint is tested as much as possible.
oidacra pushed a commit that referenced this issue on Jun 26, 2024 (same commit message as above)
Parent Issue
No response
Task
Review the PRs generated by Dependabot related to upgrading libraries used by dotCMS to a safer, newer version. We need to make sure that (1) the suggested version is still the right one, and (2) vulnerable versions of such libraries are not being pulled in as part of transitive dependencies.
Dependabot PRs
Proposed Objective
Core Features
Proposed Priority
Priority 2 - Important
Acceptance Criteria
It's important to analyze what specific parts of the system rely on the upgraded libraries so that we can test accordingly.
External Links... Slack Conversations, Support Tickets, Figma Designs, etc.
No response
Assumptions & Initiation Needs
No response
Quality Assurance Notes & Workarounds
Because of the high number of reported vulnerabilities and their respective code fixes, both IQA and QA tasks will require a significant amount of effort. In this particular case, there are several parts of dotCMS that will need to be tested:
Sub-Tasks & Estimates
No response
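The second check in the task above (that a vulnerable version is not still reaching the build through a transitive dependency) is easy to miss when a Dependabot PR only bumps the direct declaration in `pom.xml`. The script below is an added example written for this page, not dotCMS or Dependabot code: it parses the text output of `mvn dependency:tree`, follows every path that leads to a given `groupId:artifactId`, and reports each occurrence whose version is older than the fixed one, marking whether it is direct or transitive. The Maven coordinates and versions in `SAMPLE_TREE` are constructed for the demonstration (a hypothetical `com.example:parser-lib` fixed in `2.4.0`), not real dotCMS dependencies. Version ordering is simplified to numeric components only; Maven's handling of qualifiers such as `-SNAPSHOT` or `-alpha` is not modelled, which is a stated assumption of the example.

```python
"""Flag old versions of a library that reach a Maven build transitively.

Input is the text printed by `mvn dependency:tree` (default, non-verbose
mode). Each line carries a tree-drawing prefix of 3-character cells
("+- ", "|  ", "\\- ", "   ") followed by Maven coordinates of the form
groupId:artifactId:type[:classifier]:version[:scope].
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SCOPES = {"compile", "provided", "runtime", "test", "system", "import"}

# Constructed sample of `mvn dependency:tree` output for a hypothetical
# project; coordinates and versions are made up and are not dotCMS data.
SAMPLE_TREE = """\
[INFO] com.example:app:war:1.0.0
[INFO] +- com.example:parser-lib:jar:2.4.0:compile
[INFO] +- com.example:lib-a:jar:3.1.0:compile
[INFO] |  +- com.example:parser-lib:jar:2.1.5:compile
[INFO] |  \\- com.example:util:jar:1.2.0:compile
[INFO] \\- com.example:lib-b:jar:4.0.2:test
[INFO]    \\- com.example:other:jar:2.0.0:test
[INFO]       \\- com.example:parser-lib:jar:2.3.9:test
"""

# Optional "[INFO] " log prefix, then the tree-drawing cells, then the rest.
_LINE = re.compile(r"^(?:\[INFO\] )?([+\\| -]*)(.*)$")
# A coordinate line has 4 to 6 colon-separated fields.
_COORD = re.compile(r"^[\w.-]+(?::[\w.-]+){3,5}$")


@dataclass(frozen=True)
class Node:
    group: str
    artifact: str
    version: str
    scope: str
    depth: int  # 0 = the project itself, 1 = direct dependency, >1 = transitive

    @property
    def coord(self) -> str:
        return f"{self.group}:{self.artifact}:{self.version}"


@dataclass(frozen=True)
class Finding:
    version: str
    scope: str
    transitive: bool
    path: str  # "root -> ... -> vulnerable artifact"


def parse_tree(text: str) -> list[Node]:
    """Turn dependency:tree output into nodes with their depth in the tree."""
    nodes: list[Node] = []
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue
        prefix, coords = m.group(1), m.group(2).strip()
        if not _COORD.match(coords):
            continue  # plugin banners, "BUILD SUCCESS", blank lines, etc.
        parts = coords.split(":")
        scope = parts[-1] if parts[-1] in SCOPES else ""
        version = parts[-2] if scope else parts[-1]  # the root line has no scope
        nodes.append(Node(parts[0], parts[1], version, scope, len(prefix) // 3))
    return nodes


def paths_to(nodes: list[Node], group: str, artifact: str) -> list[list[Node]]:
    """Return every root-to-leaf path that ends at the given artifact."""
    stack: list[Node] = []
    hits: list[list[Node]] = []
    for n in nodes:
        del stack[n.depth:]  # pop back up to this node's parent
        stack.append(n)
        if n.group == group and n.artifact == artifact:
            hits.append(list(stack))
    return hits


def version_lt(a: str, b: str) -> bool:
    """Numeric-components-only ordering (assumption: qualifiers are ignored)."""
    ka = tuple(int(x) for x in re.findall(r"\d+", a))
    kb = tuple(int(x) for x in re.findall(r"\d+", b))
    n = max(len(ka), len(kb))
    return ka + (0,) * (n - len(ka)) < kb + (0,) * (n - len(kb))


def find_vulnerable(tree_text: str, group: str, artifact: str,
                    fixed_version: str) -> list[Finding]:
    """List every occurrence of group:artifact older than fixed_version."""
    findings: list[Finding] = []
    for path in paths_to(parse_tree(tree_text), group, artifact):
        leaf = path[-1]
        if version_lt(leaf.version, fixed_version):
            findings.append(Finding(leaf.version, leaf.scope, leaf.depth > 1,
                                    " -> ".join(n.coord for n in path)))
    return findings


if __name__ == "__main__":
    for f in find_vulnerable(SAMPLE_TREE, "com.example", "parser-lib", "2.4.0"):
        kind = "transitive" if f.transitive else "direct"
        print(f"{kind:10} {f.version:8} ({f.scope}) via {f.path}")
```

Run against real output with `mvn dependency:tree > tree.txt` and feed the file contents to `find_vulnerable`. In the sample the direct `parser-lib:2.4.0` is clean, but two older copies still arrive through `lib-a` and `lib-b`; the `test`-scoped one is lower risk but still worth an exclusion or a managed version, since Maven's nearest-wins resolution can silently switch back to the old version when the direct declaration is later removed.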