mmarquee / ui-automation

Java wrapper for ms-uiautomation
https://mmarquee.github.io/ui-automation/
Apache License 2.0
111 stars 54 forks

Publish artifact not affected by log4j vulnerability #124

Closed DhashS closed 2 years ago

DhashS commented 2 years ago

Hey @mmarquee, thanks for this great library! This is one of our last remaining dependencies to address the recent log4j vulnerability CVE-2021-44228. Can you publish a minor version bump that has the updated log4j dependency? Dependabot has merged the update for 2.16.0, in which the CVE is fixed; this issue is specifically to track the status of the Maven artifact.

mmarquee commented 2 years ago

I am doing this change now; the code has been patched (it was just to bump the version), and the 0.6.0 release should have these fixes in the release.

https://sbom.lift.sonatype.com/report/T1-0ff0976f7f21c391f20f-104b24b828d515-1639836988-1b798fc71dcb425b8701a295eebdd8f0

mmarquee commented 2 years ago

Looks like it's all gone through and the new release is in Sonatype.

mmarquee commented 2 years ago

Published. Please check for version 0.6.0

DhashS commented 2 years ago

Thanks!