This repository has been archived by the owner on Oct 10, 2024. It is now read-only.
Update dependency com.puppycrawl.tools:checkstyle to v8.29 [SECURITY] #948
Open: renovate wants to merge 1 commit into master from renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch 6 times, most recently from 8c80610 to bc513b7 (January 31, 2023 15:25)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from bc513b7 to d0b64fe (February 27, 2023 12:46)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from d0b64fe to 33dc911 (April 20, 2023 20:36)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from 33dc911 to 17c4768 (May 22, 2023 14:58)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from 17c4768 to 2de46f1 (May 30, 2023 17:36)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from 2de46f1 to 06f052e (June 18, 2023 16:43)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from 06f052e to 16b91e9 (July 5, 2023 16:19)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from 16b91e9 to 5b6f0f1 (September 4, 2023 14:08)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from 5b6f0f1 to 4e9488f (September 23, 2023 11:49)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch 2 times, most recently from 9ed263a to 9ae8231 (October 30, 2023 18:49)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from 9ae8231 to 37f5543 (November 29, 2023 16:01)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch 3 times, most recently from e6d782b to cf554aa (December 24, 2023 16:35)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch 2 times, most recently from c5ff8a5 to 34bfa11 (January 19, 2024 23:34)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from 34bfa11 to a1b43a2 (February 2, 2024 19:38)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from a1b43a2 to ede20fc (February 16, 2024 19:12)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from ede20fc to 40d0016 (February 29, 2024 23:01)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from 40d0016 to fd6e973 (April 20, 2024 11:52)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch 2 times, most recently from ffb7ebb to e2a03aa (June 25, 2024 18:42)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from e2a03aa to 6ffbde4 (June 27, 2024 19:29)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from 6ffbde4 to d9a3273 (July 12, 2024 23:41)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from d9a3273 to e0d2ba5 (August 22, 2024 18:49)
renovate bot force-pushed the renovate/maven-com.puppycrawl.tools-checkstyle-vulnerability branch from e0d2ba5 to 78d5458 (October 10, 2024 21:02)
This PR contains the following updates:
com.puppycrawl.tools:checkstyle 8.18 -> 8.29
GitHub Vulnerability Alerts
CVE-2019-10782
Due to an incomplete fix for CVE-2019-9658, checkstyle was still vulnerable to XML External Entity (XXE) Processing.
Impact
User: Build Maintainers
This vulnerability probably doesn't impact Maven/Gradle users as, in most cases, these builds are processing files that are trusted, or pre-vetted by a pull request reviewer before being run on internal CI infrastructure.
User: Static Analysis as a Service
If you operate a site/service that parses "untrusted" Checkstyle XML configuration files, you are vulnerable to this and should patch.
Note from the discoverer of the original CVE-2019-9658:
Patches
Has the problem been patched? What versions should users upgrade to?
Patched, will be released with version 8.29 at 26 Jan 2020.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
No workarounds are available
References
For more information
If you have any questions or comments about this advisory:
Release Notes
checkstyle/checkstyle (com.puppycrawl.tools:checkstyle)
v8.29
v8.28
v8.27
v8.26
v8.25
v8.24
v8.23
v8.22
v8.21
v8.20
v8.19
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
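A check a build maintainer could run to confirm that a pom.xml no longer declares a Checkstyle release older than the 8.29 fix named in the advisory above. This is an added example, not part of the PR, Renovate, or the Checkstyle project; the sample POM and the function names are constructed for illustration, and only `${property}` references defined in the same file are resolved.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (8, 29)  # release the advisory names as carrying the CVE-2019-10782 fix
GROUP, ARTIFACT = "com.puppycrawl.tools", "checkstyle"

# Constructed sample POM: checkstyle pinned through a property, as many builds do.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><checkstyle.version>8.18</checkstyle.version></properties>
  <build><plugins><plugin><artifactId>maven-checkstyle-plugin</artifactId>
    <dependencies><dependency>
      <groupId>com.puppycrawl.tools</groupId><artifactId>checkstyle</artifactId>
      <version>${checkstyle.version}</version>
    </dependency></dependencies>
  </plugin></plugins></build>
</project>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix, if any

def _child(elem, name):
    for c in elem:
        if _local(c.tag) == name:
            return (c.text or "").strip()
    return None

def _version_tuple(text):
    # Leading numeric components only: "8.18" -> (8, 18); "" -> None
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def audit_pom(pom_xml):
    """Return [(declared_version, status)] for each checkstyle dependency."""
    root = ET.fromstring(pom_xml)
    props = {}
    for elem in root.iter():
        if _local(elem.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in elem})
    findings = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        if (_child(dep, "groupId"), _child(dep, "artifactId")) != (GROUP, ARTIFACT):
            continue
        raw = _child(dep, "version") or ""
        ref = re.fullmatch(r"\$\{(.+)\}", raw)  # ${property} reference
        resolved = props.get(ref.group(1), "") if ref else raw
        ver = _version_tuple(resolved)
        # No usable version here means it is inherited or managed elsewhere.
        status = "unresolved" if ver is None else "vulnerable" if ver < FIXED else "patched"
        findings.append((resolved or raw, status))
    return findings
```

A status of `unresolved` means the version comes from a parent POM or dependency management and has to be checked there.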