@eznix86 eznix86 commented Dec 20, 2021

@spring-projects-issues added the "status: waiting-for-triage" label Dec 20, 2021

sjohnr commented Dec 22, 2021

Thanks @theArtechnology! Looks like there's also a 3.8 version available as of Monday (Dec 20, 2021). Unfortunately, I'm not familiar enough with Gradle Enterprise to be confident to merge this yet, so I think we'll wait until after the holidays anyway. Let me know if you feel that's ill-advised.


sjohnr commented Dec 22, 2021

Note that this seems to be a duplicate of #504 as well.


eznix86 commented Dec 27, 2021

> Thanks @theArtechnology! Looks like there's also a 3.8 version available as of Monday (Dec 20, 2021). Unfortunately, I'm not familiar enough with Gradle Enterprise to be confident to merge this yet, so I think we'll wait until after the holidays anyway. Let me know if you feel that's ill-advised.

Thank you for reviewing my Pull Request. It is a recommendation from Gradle themselves: https://security.gradle.com/advisory/2021-11

I can make the change so it reflects 3.8 as you mentioned.

@eznix86 changed the title from "Update gradle enterprise to 3.7.2 to address CVE-2021-45105." to "Update gradle enterprise to 3.8 to address CVE-2021-45105." Dec 27, 2021

sjohnr commented Jan 10, 2022

Thanks! This is now in main as 1370f7e.

@sjohnr closed this Jan 10, 2022
@sjohnr added the "type: enhancement" label and removed the "status: waiting-for-triage" label Jan 10, 2022
@sjohnr added this to the 0.2.2 milestone Jan 10, 2022
@sjohnr added the "type: dependency-upgrade" label and removed the "type: enhancement" label Jan 10, 2022