[webanno/webanno] 66c2ca: Bump mysql-connector-java from 8.0.27 to 8.0.28


Richard Eckart de Castilho

Oct 25, 2022, 4:31:10 PM
to webanno...@googlegroups.com
Branch: refs/heads/dependabot/maven/org.springframework.security-spring-security-core-5.5.7
Home: https://github.com/webanno/webanno
Commit: 66c2ca84c3c18ce43d5da8031da86454ced636e4
https://github.com/webanno/webanno/commit/66c2ca84c3c18ce43d5da8031da86454ced636e4
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: 2022-06-21 (Tue, 21 Jun 2022)

Changed paths:
M pom.xml

Log Message:
-----------
Bump mysql-connector-java from 8.0.27 to 8.0.28

Bumps [mysql-connector-java](https://github.com/mysql/mysql-connector-j) from 8.0.27 to 8.0.28.
- [Release notes](https://github.com/mysql/mysql-connector-j/releases)
- [Changelog](https://github.com/mysql/mysql-connector-j/blob/release/8.0/CHANGES)
- [Commits](https://github.com/mysql/mysql-connector-j/compare/8.0.27...8.0.28)

---
updated-dependencies:
- dependency-name: mysql:mysql-connector-java
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <sup...@github.com>


Commit: 3ee64d01e1d9da1a7174363d4bec516badcee17c
https://github.com/webanno/webanno/commit/3ee64d01e1d9da1a7174363d4bec516badcee17c
Author: Richard Eckart de Castilho <richard...@gmail.com>
Date: 2022-06-21 (Tue, 21 Jun 2022)

Changed paths:
M pom.xml

Log Message:
-----------
Merge pull request #1965 from webanno/dependabot/maven/mysql-mysql-connector-java-8.0.28

Bump mysql-connector-java from 8.0.27 to 8.0.28


Commit: 6911b1b80d9e7a2d28f82e5eca7d4982b0e4e34c
https://github.com/webanno/webanno/commit/6911b1b80d9e7a2d28f82e5eca7d4982b0e4e34c
Author: Jonathan Leitschuh <Jonathan....@gmail.com>
Date: 2022-10-04 (Tue, 04 Oct 2022)

Changed paths:
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/ImportExportServiceImpl.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportCuratedDocumentsTask.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportServiceImpl.java

Log Message:
-----------
vuln-fix: Temporary Directory Hijacking or Information Disclosure



This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <Jonathan....@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan....@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10


Co-authored-by: Moderne <te...@moderne.io>


Commit: e029a76d68341702747078d9bc412ceeb32de7b6
https://github.com/webanno/webanno/commit/e029a76d68341702747078d9bc412ceeb32de7b6
Author: Richard Eckart de Castilho <richard...@gmail.com>
Date: 2022-10-25 (Tue, 25 Oct 2022)

Changed paths:
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/ImportExportServiceImpl.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportCuratedDocumentsTask.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportServiceImpl.java

Log Message:
-----------
Merge pull request #1967 from BulkSecurityGeneratorProjectV2/fix/JLL/temporary_directory_hijacking_or_temporary_directory_information_disclosure

[SECURITY] Fix Temporary Directory Hijacking or Information Disclosure Vulnerability


Commit: 06d5f7bb9e2ffcbfd3b05522191e7b69f497fc87
https://github.com/webanno/webanno/commit/06d5f7bb9e2ffcbfd3b05522191e7b69f497fc87
Author: Richard Eckart de Castilho <richard...@gmail.com>
Date: 2022-10-25 (Tue, 25 Oct 2022)

Changed paths:
M pom.xml
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/ImportExportServiceImpl.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportCuratedDocumentsTask.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportServiceImpl.java

Log Message:
-----------
Merge branch 'master' into dependabot/maven/org.springframework.security-spring-security-core-5.5.7


Compare: https://github.com/webanno/webanno/compare/b7bb09900977...06d5f7bb9e2f

Richard Eckart de Castilho

Oct 25, 2022, 4:31:20 PM
to webanno...@googlegroups.com
Branch: refs/heads/dependabot/maven/org.springframework-spring-core-5.3.20
Commit: 3e9ac66f25cf6462c6990568659e5a7bf04060ae
https://github.com/webanno/webanno/commit/3e9ac66f25cf6462c6990568659e5a7bf04060ae
Author: Richard Eckart de Castilho <richard...@gmail.com>
Date: 2022-10-25 (Tue, 25 Oct 2022)

Changed paths:
M pom.xml
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/ImportExportServiceImpl.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportCuratedDocumentsTask.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportServiceImpl.java

Log Message:
-----------
Merge branch 'master' into dependabot/maven/org.springframework-spring-core-5.3.20


Compare: https://github.com/webanno/webanno/compare/0ff19e883b9e...3e9ac66f25cf