Eclipse Community Forums: EGit / JGit » Security issue: CVE-2023-4759 on Java 8

Home » Eclipse Projects » EGit / JGit » Security issue: CVE-2023-4759 on Java 8(How to fix CVE-2023-4759 on jgit)

Security issue: CVE-2023-4759 on Java 8 [message #1862132]

Tue, 14 November 2023 09:55

Eclipse User

Friend

Hello team,
We use JGIT in our project and currently we are on Jgit 5.8, however we have a security concern (https://www.eclipse.org/forums/index.php?/r/frm_id/48/??SQ=ba5e6eb6365ec54b61d94f4096f24728&S=dc9affae313c8c7b2458f5e70afedd04).

This issue was fixed on 6.6.1 however this requires java 11, we're currently on Java 8 and we can't upgrade to java 11.
Is there a patch on older versions that fixes this issue while still supporting java 8?

Re: Security issue: CVE-2023-4759 on Java 8 [message #1863007 is a reply to message #1862132]

Wed, 10 January 2024 15:58

Eclipse User

Friend

Chao Wang downported the fix to stable-5.13, see https://eclipse.gerrithub.io/c/eclipse-jgit/jgit/+/204642
I can release 5.13.3 soon.

Re: Security issue: CVE-2023-4759 on Java 8 [message #1863023 is a reply to message #1863007]

Thu, 11 January 2024 03:23

Eclipse User

Friend

Hello!

Thanks a lot for this, it's a very good news for us! .
Is there a release date expected for 5.13.3?

Best,
Abbas

[Updated on: Thu, 11 January 2024 03:36] by Moderator

Re: Security issue: CVE-2023-4759 on Java 8 [message #1863339 is a reply to message #1863023]

Sat, 27 January 2024 11:57

Eclipse User

Friend

5.13.3 was released on Jan 11, see https://projects.eclipse.org/projects/technology.jgit/releases/5.13.3

Previous Topic:	local eclipse php project git repository clone to another local directory
Next Topic:	JGit Merge Test

Goto Forum:

-=] Back to Top [=-

Current Time: Tue Jul 15 10:02:20 EDT 2025

Powered by FUDForum. Page generated in 0.08273 seconds

.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top