Unresolved CVE on JGit 5.x. Possible to move to JGit 6.x? #177
Comments
tomasbjerre
added a commit
that referenced
this issue
Jan 26, 2024
tomasbjerre
added a commit
that referenced
this issue
Jan 26, 2024
BREAKING CHANGE: JGit major version from 5 to 6 and require Java 11 (refs #177)
tomasbjerre
added a commit
that referenced
this issue
Jan 26, 2024
BREAKING CHANGE: JGit major version from 5 to 6 and require Java 11 (refs #177)
tomasbjerre
added a commit
that referenced
this issue
Jan 26, 2024
BREAKING CHANGE: JGit major version from 5 to 6 and require Java 11 (refs #177)
|
It would mean dropping Java 8 support but I think it is time for that anyway. |
tomasbjerre
added a commit
that referenced
this issue
Jan 27, 2024
BREAKING CHANGE: JGit major version from 5 to 6 and require Java 11 (refs #177)
|
This is released now, open issue again if any problems. |
|
Thanks for the quick turnaround on this :) |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Hi.
This project currently depends on JGit 5.13.1.202206130422-r which is associated with CVE-2023-4759.
This prevents projects that perform vulnerability scanning from building with a dependency to git-changelog-lib.
The CVE is resolved in JGit releases newer than 6.6.0.202305301015-r.
Regards
Christian
The text was updated successfully, but these errors were encountered: