LinuxForHealth / hl7v2-fhir-converter

Converts HL7 v2 Messages to FHIR Resources
Apache License 2.0

Multiple security patches in dependencies #498

Closed snesm closed 1 year ago

snesm commented 1 year ago

Updates to mitigate vulnerabilities in dependencies or sub-dependencies:

- Critical: org.thymeleaf:thymeleaf (Sandbox Bypass)
- High: net.minidev:json-smart (Denial of Service (DoS))
- Medium: org.yaml:snakeyaml (Arbitrary Code Execution)
- Medium: com.squareup.okio:okio-jvm (Denial of Service (DoS))
- Low: com.google.guava:guava (Information Disclosure)
- Low: com.google.guava:guava (Creation of Temporary File in Directory with Insecure Permissions)
- Low: org.jetbrains.kotlin:kotlin-stdlib (Information Exposure)

snesm commented 1 year ago

@LisaWellman @pbhallam @klwhaley @evbaron: any chance of getting these security fixes merged and released?

klwhaley commented 1 year ago

> @LisaWellman @pbhallam @klwhaley @evbaron: any chance of getting these security fixes merged and released?

Reviewing now! Will work with @LisaWellman to get a release out as well.