EBISPOT / lodestar

Linked Data explorer and SPARQL endpoint
Apache License 2.0

Security updates for Lodestar #20

Closed danizen closed 7 years ago

danizen commented 8 years ago

As part of my release process, I ran the OWASP Dependency Check, https://www.owasp.org/index.php/OWASP_Dependency_Check, Maven plugin against lodestar.

I found the following issues in lode-core-api:

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:1.4.3:check (default-cli) on project lode-core-api:
[ERROR]
[ERROR] Dependency-Check Failure:
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater then '4.0':
[ERROR] jackson-annotations-2.3.0.jar: CVE-2016-3720
[ERROR] jackson-core-2.3.3.jar: CVE-2016-3720
[ERROR] httpclient-4.2.6.jar: CVE-2015-5262, CVE-2014-3577
[ERROR] jackson-core-asl-1.5.3.jar: CVE-2016-3720
[ERROR] spring-aop-3.2.2.RELEASE.jar: CVE-2014-1904, CVE-2014-0054, CVE-2013-7315, CVE-2013-6429, CVE-2013-4152
[ERROR] spring-core-3.2.2.RELEASE.jar: CVE-2014-3625, CVE-2014-3578, CVE-2014-1904, CVE-2014-0054, CVE-2013-7315, CVE-2013-6429, CVE-2013-4152

danizen commented 7 years ago

Pull request merged, can be closed.