mayope / keycloakmigration

Manage your Keycloak configuration with code.
https://mayope.net
MIT License

CVEs / Vulnerabilities #66

Closed fadiaismael closed 1 year ago

fadiaismael commented 1 year ago

Hello, according to the OWASP vulnerability scan, there are CVEs in the fat-jar due to outdated libs:

[ERROR] keycloakmigration-0.2.47-fat.jar\META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml: CVE-2020-36518(7.5), CVE-2022-42003(7.5), CVE-2022-42004(7.5)
[ERROR] keycloakmigration-0.2.47-fat.jar\META-INF/maven/org.apache.commons/commons-text/pom.xml: CVE-2022-42889(9.8)
[ERROR] keycloakmigration-0.2.47-fat.jar\META-INF/maven/org.yaml/snakeyaml/pom.xml: CVE-2022-38752(6.5), CVE-2022-38751(6.5), CVE-2022-38750(5.5), CVE-2022-41854(6.5), CVE-2022-25857(7.5), CVE-2022-38749(6.5), CVE-2022-1471(9.8)

This is a blocking issue, as we are not allowed to deploy artifacts with security issues.
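An added example (editor's code, not part of this issue or of the keycloakmigration project) that reproduces the kind of check the scan above performs: it inventories the libraries bundled into a fat jar by reading the same `META-INF/maven/<groupId>/<artifactId>/pom.properties` entries the scanner keys on, then compares each coordinate against a minimum-version policy. The jar built here, the policy table and its version thresholds are all constructed for illustration; in practice the thresholds come from your own advisory feed or scanner output, and the version comparison is a deliberately simple dotted-numeric ordering rather than full Maven semantics.

```python
import io
import re
import zipfile
from typing import Dict, List, Tuple

# Hypothetical policy: minimum acceptable version per groupId:artifactId.
# Constructed for this example; verify every threshold against your own
# advisory source before relying on it.
MIN_VERSIONS: Dict[str, str] = {
    "com.fasterxml.jackson.core:jackson-databind": "2.13.4.2",
    "org.apache.commons:commons-text": "1.10.0",
    "org.yaml:snakeyaml": "2.0",
}

# Maven embeds coordinates for each shaded dependency at this path inside a fat jar.
POM_PROPS = re.compile(r"^META-INF/maven/[^/]+/[^/]+/pom\.properties$")


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal java.util.Properties reader: key=value lines, '#' comments."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def version_key(version: str) -> Tuple[Tuple[int, ...], int]:
    """Sort key: leading numeric tokens (zero-padded), then a flag that ranks
    any release below a version carrying a qualifier such as -rc1 or -SNAPSHOT.
    This is a simplification of Maven's ordering, adequate for dotted releases."""
    nums: List[int] = []
    has_qualifier = False
    for tok in re.split(r"[.\-]", version):
        if tok.isdigit() and not has_qualifier:
            nums.append(int(tok))
        else:
            has_qualifier = True
    padded = tuple(nums + [0] * (6 - len(nums)))[:6]
    return padded, 0 if has_qualifier else 1


def inventory(jar_bytes: bytes) -> List[Tuple[str, str]]:
    """Return sorted (groupId:artifactId, version) pairs found in the jar."""
    coords: List[Tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if not POM_PROPS.match(name):
                continue
            props = parse_properties(zf.read(name).decode("utf-8", "replace"))
            if {"groupId", "artifactId", "version"} <= props.keys():
                coords.append((f"{props['groupId']}:{props['artifactId']}", props["version"]))
    return sorted(coords)


def find_outdated(jar_bytes: bytes, policy: Dict[str, str] = MIN_VERSIONS) -> List[Tuple[str, str, str]]:
    """Return (coordinate, bundled version, required minimum) for every policy violation."""
    findings = []
    for coord, version in inventory(jar_bytes):
        minimum = policy.get(coord)
        if minimum and version_key(version) < version_key(minimum):
            findings.append((coord, version, minimum))
    return findings


def build_sample_jar(entries: List[Tuple[str, str, str]]) -> bytes:
    """Construct an in-memory fat jar containing only the Maven metadata entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for group, artifact, version in entries:
            path = f"META-INF/maven/{group}/{artifact}/pom.properties"
            zf.writestr(path, f"groupId={group}\nartifactId={artifact}\nversion={version}\n")
    return buf.getvalue()


# Constructed sample: three libraries below the policy threshold plus one not covered by it.
SAMPLE_JAR = build_sample_jar([
    ("com.fasterxml.jackson.core", "jackson-databind", "2.13.3"),
    ("org.apache.commons", "commons-text", "1.9"),
    ("org.yaml", "snakeyaml", "1.33"),
    ("org.slf4j", "slf4j-api", "1.7.36"),
])

if __name__ == "__main__":
    for coord, found, minimum in find_outdated(SAMPLE_JAR):
        print(f"[ERROR] {coord}: bundled {found}, policy requires >= {minimum}")
```

Running it on a real artifact means replacing `SAMPLE_JAR` with the bytes of the fat jar; the check fails closed only for coordinates present in the policy, so keep the table in sync with the scanner findings you act on.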

klg71 commented 1 year ago

Hey @fadiaismael, thanks for providing the pull request for this issue 👍 Your changes are released with version 0.2.48 (https://github.com/mayope/keycloakmigration/releases/tag/0.2.48). Could you verify this on your side?

fadiaismael commented 1 year ago

Tested successfully, thanks :)