Changes for removing vulnerabilities BDSA-2024-0396, CVE-2023-46589 (BDSA-2023-3298), BDSA-2024-0452

gretty-gradle-plugin / gretty

Advanced gradle plugin for running web-apps on jetty and tomcat.

MIT License

129 stars 36 forks source link

Changes for removing vulnerabilities BDSA-2024-0396, CVE-2023-46589 (BDSA-2023-3298), BDSA-2024-0452 #303

Closed pranav24gupta closed 8 months ago

pranav24gupta commented 8 months ago

@boris-petrov , @f4lco could you please take a look All checks are passing, can you publish a patch in 4.x.x series so that I can utilise it in my project.

cc: @dutta1kartik3

boris-petrov commented 8 months ago

Thank you, @pranav24gupta!

We'll try to release soon. But keep in mind that 1) you can set your own versions of Tomcat/Jetty to use in development and 2) Gretty is used only in development so these vulnerabilities are not really that problematic.

pranav24gupta commented 8 months ago

@boris-petrov by when can we expect a patch release in 4.x.x series.

cc: @dutta1kartik3

boris-petrov commented 8 months ago

I've released 4.1.3.

pranav24gupta commented 8 months ago

Thanks a lot @boris-petrov