Branch: refs/heads/master
Home: https://github.com/jenkinsci/json-lib
Commit: a067f6c4b02d91470fb887fda9104a13eb2ff7bc
    https://github.com/jenkinsci/json-lib/commit/a067f6c4b02d91470fb887fda9104a13eb2ff7bc
Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Date: 2024-04-11 (Thu, 11 Apr 2024)

Changed paths:
  M pom.xml

Log Message:
-----------
vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291 (#7)

This fixes a security vulnerability in this project where the `pom.xml` files were configuring Maven to resolve dependencies over HTTP instead of HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSS: 8.1
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8

Co-authored-by: Moderne <t...@moderne.io>