Open renovate[bot] opened 1 year ago
This PR contains the following updates:
2.11.2
2.11.3
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. This issue has been fixed in version 2.11.3.
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR contains the following updates:
2.11.2
->2.11.3
GitHub Vulnerability Alerts
CVE-2023-22899
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. This issue has been fixed in version 2.11.3.
Release Notes
srikanth-lingala/zip4j (net.lingala.zip4j:zip4j)
### [`v2.11.3`](https://redirect.github.com/srikanth-lingala/zip4j/releases/tag/v2.11.3) Security fixes: [#485](https://redirect.github.com/srikanth-lingala/zip4j/issues/485) Fix CVE-2023-22899Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.