From c8e90caf58926e71365a86600e9691b7e2a8e2bd Mon Sep 17 00:00:00 2001 From: Alexandros Moraitis Date: Tue, 14 Mar 2023 16:26:46 +0100 Subject: [PATCH 1/3] Update maven-core to 3.8.2 This commit fixes the maven-shared-utils vulerability --- maven/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/maven/pom.xml b/maven/pom.xml index f5e88ea50..8232b545a 100644 --- a/maven/pom.xml +++ b/maven/pom.xml @@ -24,7 +24,7 @@ org.apache.maven maven-core - 3.6.0 + 3.8.2 provided From ba86ab866e7938d12cfee2e963223e2ede6583dd Mon Sep 17 00:00:00 2001 From: Alexandros Moraitis Date: Sun, 26 Mar 2023 22:37:55 +0200 Subject: [PATCH 2/3] Update pom.xml The update from SnakeYAML 1.33 to 2.0 includes important security enhancements to address a known vulnerability. In previous versions of SnakeYAML, it was possible for an attacker to exploit a YAML parsing vulnerability to execute arbitrary code on the host system. SnakeYAML 2.0 includes several changes to mitigate this vulnerability. One of the key changes is the introduction of a new default parser, which is now based on the Jackson YAML parser. This new parser is designed to be more secure and resistant to malicious input than the previous parser. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 74d26b46a..16add1e94 100644 --- a/pom.xml +++ b/pom.xml @@ -83,7 +83,7 @@ https://sonarcloud.io ${project.artifactId} - 2.1.12 + 2.1.13 2.0.7 From b0d3124cdaf3fa17c04b3de9917b28f289ab4053 Mon Sep 17 00:00:00 2001 From: Alexandros Moraitis Date: Sun, 26 Mar 2023 22:45:16 +0200 Subject: [PATCH 3/3] Revert "Update maven-core to 3.8.2" --- maven/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/maven/pom.xml b/maven/pom.xml index 8232b545a..f5e88ea50 100644 --- a/maven/pom.xml +++ b/maven/pom.xml @@ -24,7 +24,7 @@ org.apache.maven maven-core - 3.8.2 + 3.6.0 provided