Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade snappy-java to 1.1.10.5 #5052

Closed
barthanssens opened this issue Jun 24, 2024 · 0 comments · Fixed by #5065
Closed

Upgrade snappy-java to 1.1.10.5 #5052

barthanssens opened this issue Jun 24, 2024 · 0 comments · Fixed by #5065
Assignees
@barthanssens
Labels
🐞 bug issue is a bug dependencies Pull requests that update a dependency file security
Milestone
5.0.1

Comments

@barthanssens
Copy link
Contributor

Current Behavior

I've noticed, when releasing the docker workbench image, there are a few vulnerabilities in snappy-java (which may or may not affect RDF4J workbenc00h)

Expected Behavior

Upgrading to the latest (patch) release of snappy-java should fix the reported CVEs for snappy-java dependency

Steps To Reproduce

No response

Version

5.0.0

Are you interested in contributing a solution yourself?

Yes

Anything else?

No response
@barthanssens barthanssens added 🐞 bug issue is a bug security dependencies Pull requests that update a dependency file labels Jun 24, 2024
@barthanssens barthanssens self-assigned this Jun 24, 2024
@barthanssens barthanssens added this to the 5.0.1 milestone Jun 24, 2024
barthanssens added a commit to Fedict/rdf4j that referenced this issue Jun 28, 2024
@barthanssens
eclipse-rdf4jGH-5052: use more recent version of snappy to fix CVEs
70bb43b
@barthanssens barthanssens mentioned this issue Jun 28, 2024
Merged
5 tasks
barthanssens added a commit to Fedict/rdf4j that referenced this issue Jun 30, 2024
@barthanssens
eclipse-rdf4jGH-5052: trigger github
d2c2891
barthanssens added a commit to Fedict/rdf4j that referenced this issue Jul 2, 2024
@barthanssens
eclipse-rdf4jGH-5052: upgrade snappy dependency to fix CVE
3dbcd1f
barthanssens added a commit to Fedict/rdf4j that referenced this issue Jul 8, 2024
@barthanssens
eclipse-rdf4jGH-5052: added comment about CVEs
e2b6dfb 
Signed-off-by: Bart Hanssens <bart.hanssens@bosa.fgov.be>
barthanssens added a commit to Fedict/rdf4j that referenced this issue Jul 8, 2024
@barthanssens
eclipse-rdf4jGH-5052: upgrade snappy dependency to fix CVE
2578f7a
barthanssens added a commit that referenced this issue Jul 9, 2024
@barthanssens
GH-5052: use more recent version of snappy to fix CVEs (#5065)
9aab536 
GH-5052: upgrade snappy dependency to fix CVE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@barthanssens barthanssens

Labels
🐞 bug issue is a bug dependencies Pull requests that update a dependency file security
Projects
None yet
Milestone
5.0.1
Development

Successfully merging a pull request may close this issue.

GH-5052: use more recent version of snappy to fix CVEs Fedict/rdf4j
1 participant
@barthanssens