Begin forwarded message:
From: GitHub <nor...@github.com>
Subject: Your GitHub security alerts for the week of Oct 30 - Nov 6
Date: 7 November 2018 at 5:48:12 am AEST
To: Greg Luck <gl...@gregluck.com>

Security alert digest
gregrluck’s repository security updates from the week of Oct 30 - Nov 6
JSR107 - Java Caching organization
jsr107 / RI
Known security vulnerabilities detected
Dependency: org.springframework:spring-core (version < 3.2.14; upgrade to ~> 3.2.14; defined in pom.xml)
  Vulnerabilities: CVE-2018-1270 (High), CVE-2018-1275 (High), CVE-2015-3192 (Moderate), CVE-2016-5007 (Moderate), CVE-2018-1257 (Moderate), and 3 more
Cloud Foundry Community organization
cloudfoundry-community / java-nats
Known security vulnerabilities detected
Dependency: com.fasterxml.jackson.core:jackson-databind (version < 2.6.7.1; upgrade to ~> 2.6.7.1; defined in pom.xml)
  Vulnerabilities: CVE-2017-7525 (High), CVE-2018-7489 (High), CVE-2017-17485 (High)
cloudfoundry-community / cf-java-component
Known security vulnerabilities detected
Dependency: com.fasterxml.jackson.core:jackson-databind (version < 2.6.7.1; upgrade to ~> 2.6.7.1; defined in pom.xml)
  Vulnerabilities: CVE-2017-7525 (High), CVE-2018-7489 (High), CVE-2017-17485 (High)
Dependency: org.apache.httpcomponents:httpclient (version < 4.3.6; upgrade to ~> 4.3.6; defined in pom.xml)
  Vulnerabilities: CVE-2015-5262 (Moderate)
cloudfoundry-community / cf-docs-contrib
Known security vulnerabilities detected
Dependency: activesupport (version >= 3.2.0, < 3.2.13; upgrade to ~> 3.2.13; defined in Gemfile.lock)
  Vulnerabilities: CVE-2013-1856 (Moderate), CVE-2015-3226 (Moderate), CVE-2015-3227 (Moderate)
Dependency: rack (version < 1.5.4; upgrade to ~> 1.5.4; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-3225 (Moderate)
Dependency: sprockets (version >= 2.4.0, < 2.4.6; upgrade to ~> 2.4.6; defined in Gemfile.lock)
  Vulnerabilities: CVE-2018-3760 (High), CVE-2014-7819 (Moderate)
Dependency: i18n (version < 0.6.6; upgrade to ~> 0.6.6; defined in Gemfile.lock)
  Vulnerabilities: CVE-2013-4492 (Moderate)
Dependency: yajl-ruby (version < 1.3.1; upgrade to ~> 1.3.1; defined in Gemfile.lock)
  Vulnerabilities: CVE-2017-16516 (High)
Dependency: rack-protection (version < 1.5.5; upgrade to ~> 1.5.5; defined in Gemfile.lock)
  Vulnerabilities: CVE-2018-1000119 (Moderate)
Dependency: ffi (version < 1.9.24; upgrade to ~> 1.9.24; defined in Gemfile.lock)
  Vulnerabilities: CVE-2018-1000201 (Moderate)
cloudfoundry-community / cf_demoapp_ruby_rack
Known security vulnerabilities detected
Dependency: rack (version < 1.5.4; upgrade to ~> 1.5.4; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-3225 (Moderate)
cloudfoundry-community / trybosh-web
Known security vulnerabilities detected
Dependency: activesupport (version >= 3.0.0, < 3.2.22.4; upgrade to ~> 3.2.22.5; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-3226 (Moderate), CVE-2015-3227 (Moderate)
Dependency: sprockets (version >= 2.2.0, < 2.2.3; upgrade to ~> 2.2.3; defined in Gemfile.lock)
  Vulnerabilities: CVE-2018-3760 (High), CVE-2014-7819 (Moderate)
Dependency: activerecord (version >= 2.0.0, < 3.2.19; upgrade to ~> 3.2.19; defined in Gemfile.lock)
  Vulnerabilities: CVE-2014-3482 (High), CVE-2015-7577 (Moderate)
Dependency: rack (version < 1.5.4; upgrade to ~> 1.5.4; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-3225 (Moderate)
Dependency: actionpack (version >= 3.1.0, < 3.2.22.1; upgrade to ~> 3.2.22.1; defined in Gemfile.lock)
  Vulnerabilities: CVE-2016-2098 (High), CVE-2015-7576 (Moderate), CVE-2016-0751 (Moderate), CVE-2014-7818 (Moderate), CVE-2014-0130 (Moderate), and 6 more
Dependency: rack-ssl (version < 1.4.0; upgrade to ~> 1.4.0; defined in Gemfile.lock)
  Vulnerabilities: CVE-2014-2538 (Moderate)
Dependency: rails (version >= 3.0.0, < 3.2.17; upgrade to ~> 3.2.17; defined in Gemfile.lock)
  Vulnerabilities: CVE-2014-0081 (Moderate)
Dependency: i18n (version < 0.6.6; upgrade to ~> 0.6.6; defined in Gemfile.lock)
  Vulnerabilities: CVE-2013-4492 (Moderate)
Dependency: actionmailer (version >= 3.0.0, < 3.2.15; upgrade to ~> 3.2.15; defined in Gemfile.lock)
  Vulnerabilities: CVE-2013-4389 (Moderate)
Dependency: jquery-rails (version < 3.1.3; upgrade to ~> 3.1.3; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-1840 (Moderate)
Dependency: mail (version < 2.5.5; upgrade to ~> 2.5.5; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-9097 (Moderate)
Dependency: nokogiri (version < 1.8.1; upgrade to ~> 1.8.1; defined in Gemfile.lock)
  Vulnerabilities: CVE-2017-9050 (Critical), CVE-2015-5312 (High), CVE-2016-4658 (High), CVE-2017-5029 (Low), CVE-2017-18258 (Moderate), and 2 more
Dependency: rack-protection (version < 1.5.5; upgrade to ~> 1.5.5; defined in Gemfile.lock)
  Vulnerabilities: CVE-2018-1000119 (Moderate)
cloudfoundry-community / share-my-cloudfoundry
Known security vulnerabilities detected
Dependency: omniauth-oauth2 (version < 1.1.2; upgrade to ~> 1.1.2; defined in Gemfile.lock)
  Vulnerabilities: CVE-2012-6134 (Moderate)
Dependency: rubyzip (version < 1.2.1; upgrade to ~> 1.2.1; defined in Gemfile.lock)
  Vulnerabilities: CVE-2017-5946 (High), CVE-2018-1000544 (Moderate)
Dependency: activesupport (version >= 3.0.0, < 3.2.22.4; upgrade to ~> 3.2.22.5; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-3226 (Moderate), CVE-2015-3227 (Moderate)
Dependency: actionpack (version >= 3.1.0, < 3.2.22.1; upgrade to ~> 3.2.22.1; defined in Gemfile.lock)
  Vulnerabilities: CVE-2016-2098 (High), CVE-2015-7576 (Moderate), CVE-2016-0751 (Moderate), CVE-2014-7829 (Moderate), CVE-2014-7818 (Moderate), and 6 more
Dependency: activerecord (version >= 2.0.0, < 3.2.19; upgrade to ~> 3.2.19; defined in Gemfile.lock)
  Vulnerabilities: CVE-2014-3482 (High), CVE-2015-7577 (Moderate)
Dependency: rack (version < 1.5.4; upgrade to ~> 1.5.4; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-3225 (Moderate)
Dependency: jquery-rails (version < 3.1.3; upgrade to ~> 3.1.3; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-1840 (Moderate)
Dependency: rack-ssl (version < 1.4.0; upgrade to ~> 1.4.0; defined in Gemfile.lock)
  Vulnerabilities: CVE-2014-2538 (Moderate)
Dependency: omniauth-facebook (version >= 1.4.1, < 1.5.0; upgrade to ~> 1.5.0; defined in Gemfile.lock)
  Vulnerabilities: CVE-2013-4562 (Moderate)
Dependency: rails (version >= 3.0.0, < 3.2.17; upgrade to ~> 3.2.17; defined in Gemfile.lock)
  Vulnerabilities: CVE-2014-0081 (Moderate)
Dependency: i18n (version < 0.6.6; upgrade to ~> 0.6.6; defined in Gemfile.lock)
  Vulnerabilities: CVE-2013-4492 (Moderate)
Dependency: actionmailer (version >= 3.0.0, < 3.2.15; upgrade to ~> 3.2.15; defined in Gemfile.lock)
  Vulnerabilities: CVE-2013-4389 (Moderate)
Dependency: sprockets (version >= 2.2.0, < 2.2.3; upgrade to ~> 2.2.3; defined in Gemfile.lock)
  Vulnerabilities: CVE-2018-3760 (High), CVE-2014-7819 (Moderate)
Dependency: mail (version < 2.5.5; upgrade to ~> 2.5.5; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-9097 (Moderate)
Dependency: omniauth (version < 1.3.2; upgrade to ~> 1.3.2; defined in Gemfile.lock)
  Vulnerabilities: CVE-2017-18076 (Moderate)
Dependency: rack-protection (version < 1.5.5; upgrade to ~> 1.5.5; defined in Gemfile.lock)
  Vulnerabilities: CVE-2018-1000119 (Moderate)
cloudfoundry-community / cf_cli_install
Known security vulnerabilities detected
Dependency: rack (version < 1.5.4; upgrade to ~> 1.5.4; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-3225 (Moderate)
Dependency: rack-protection (version < 1.5.5; upgrade to ~> 1.5.5; defined in Gemfile.lock)
  Vulnerabilities: CVE-2018-1000119 (Moderate)
cloudfoundry-community / spiff_cli_install
Known security vulnerabilities detected
Dependency: rack (version < 1.5.4; upgrade to ~> 1.5.4; defined in Gemfile.lock)
  Vulnerabilities: CVE-2015-3225 (Moderate)
Dependency: rack-protection (version < 1.5.5; upgrade to ~> 1.5.5; defined in Gemfile.lock)
  Vulnerabilities: CVE-2018-1000119 (Moderate)
hazelcast organization
hazelcast / hazelcast-code-samples
Known security vulnerabilities detected
Dependency: org.springframework:spring-core (version >= 4.0.0, < 4.1.7; upgrade to ~> 4.1.7; defined in pom.xml)
  Vulnerabilities: CVE-2015-5211 (High), CVE-2018-1270 (High), CVE-2018-1275 (High), CVE-2018-1270 (High), CVE-2018-1275 (High), and 58 more
Dependency: com.fasterxml.jackson.core:jackson-databind (version < 2.6.7.1; upgrade to ~> 2.6.7.1; defined in pom.xml)
  Vulnerabilities: CVE-2017-7525 (High), CVE-2018-7489 (High), CVE-2017-15095 (High), CVE-2017-17485 (High)
Always verify the validity and compatibility of suggestions with your codebase.
GitHub, Inc.
88 Colin P Kelly Jr St.
San Francisco, CA 94107