Fix security vulnerability reported in checkstyle < 8.29

CSP Request Details

None

CSP Rejection Details

None

CSP Approved

None

Description

Remediation

Upgrade com.puppycrawl.tools:checkstyle to version 8.29 or later. For example:

    <dependency>
      <groupId>com.puppycrawl.tools</groupId>
      <artifactId>checkstyle</artifactId>
      <version>[8.29,)</version>
    </dependency>

Always verify the validity and compatibility of suggestions with your codebase.

GHSA-763g-fqq7-48wg

moderate severity

*Vulnerable versions:* < 8.29

*Patched version:* 8.29

Due to an incomplete fix for CVE-2019-9658, checkstyle was still vulnerable to XML External Entity (XXE) Processing.
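
An added example (not part of this ticket or the edge-sip2 repository): a Python check that scans a POM for `com.puppycrawl.tools:checkstyle` declarations below 8.29, resolving `${...}` properties and judging a version range by its lower bound. The sample POM, the property name and the function names are constructed for illustration, and the POM is assumed to use the standard Maven namespace.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
FIXED = (8, 29)  # first patched release per GHSA-763g-fqq7-48wg

# Constructed sample POM: checkstyle pinned through a property inside a plugin.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><checkstyle.version>8.18</checkstyle.version></properties>
  <build><plugins><plugin>
    <artifactId>maven-checkstyle-plugin</artifactId>
    <dependencies><dependency>
      <groupId>com.puppycrawl.tools</groupId>
      <artifactId>checkstyle</artifactId>
      <version>${checkstyle.version}</version>
    </dependency></dependencies>
  </plugin></plugins></build>
</project>"""

def parse_version(text):
    """Numeric tuple for '8.29' or for the lower bound of a range like '[8.29,)'."""
    m = re.match(r"[\[\(]?\s*(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def find_vulnerable_checkstyle(pom_xml):
    """Return (declared, resolved) version pairs that allow checkstyle < 8.29."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    # iter() also reaches dependencies nested under plugins and dependencyManagement.
    for dep in root.iter("{%s}dependency" % NS["m"]):
        group = dep.findtext("m:groupId", "", NS).strip()
        artifact = dep.findtext("m:artifactId", "", NS).strip()
        if (group, artifact) != ("com.puppycrawl.tools", "checkstyle"):
            continue
        raw = dep.findtext("m:version", "", NS).strip()
        resolved = re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), raw)
        version = parse_version(resolved)
        # Unparseable or unresolved versions are reported rather than trusted.
        if version is None or version < FIXED:
            findings.append((raw, resolved))
    return findings

if __name__ == "__main__":
    print(find_vulnerable_checkstyle(SAMPLE_POM))
```

Versions inherited from a parent POM are not visible to this check; run it against the effective POM to cover them.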

Environment

None

Potential Workaround

None

Activity

Julian Ladisch July 7, 2020 at 2:03 PM

Thanks, !

Julian Ladisch June 15, 2020 at 11:40 AM

Pull request ready for code review: https://github.com/folio-org/edge-sip2/pull/45
Obsoletes https://github.com/folio-org/edge-sip2/pull/41
Note that I don't have write permission to that repository; please also merge the PR after it has been accepted in the code review.

Done

Details

Assignee

Reporter

Priority

Development Team

EBSCO - FSE

Fix versions

Created February 3, 2020 at 10:45 PM
Updated July 13, 2020 at 6:47 PM
Resolved July 7, 2020 at 2:03 PM