Re: [ee4j-pmc] Fwd: Your GitHub security alerts for the week of Oct 23 - Oct 30

You have to be an org admin.

Experience at the ASF is that they are mostly noise due to a high false positive rate.

Mark


On 31/10/2018 17:24, Bill Shannon wrote:
I'm not sure who gets these.  You may have to be a Committer on the project or an admin for the organization.

Steve Millidge (Payara) wrote on 10/31/2018 02:24 AM:
Security alerts on GitHub

I don’t get these at a PMC level.

*From:* ee4j-pmc-bounces@xxxxxxxxxxx <ee4j-pmc-bounces@xxxxxxxxxxx> *On Behalf Of* Bill Shannon
*Sent:* 30 October 2018 23:55
*To:* EE4J PMC Discussions <ee4j-pmc@xxxxxxxxxxx>
*Subject:* [ee4j-pmc] Fwd: Your GitHub security alerts for the week of Oct 23 - Oct 30

Is anyone on the PMC tracking these security alerts?

Shouldn't someone ensure that the EE4J projects are responding to these in a timely manner?


(Obviously ignore the "javaee" entries below.)


-------- Forwarded Message --------

*Subject:* Your GitHub security alerts for the week of Oct 23 - Oct 30
*Date:* Tue, 30 Oct 2018 17:36:28 +0000 (UTC)
*From:* GitHub <noreply@xxxxxxxxxx>
*To:* Bill Shannon <bill.shannon@xxxxxxxxxx>





	


  GitHub <https://github.com> security alert digest

*bshannon’s* repository security updates from the week of *Oct 23 - Oct 30*


      Java EE organization <https://github.com>

Warning!

      javaee / *metro-jaxws-commons* <https://github.com/javaee/metro-jaxws-commons>

*Known security vulnerabilities detected*

Dependency: org.springframework:spring-core
Version: > 3.2.0 < 3.2.15
Upgrade to: ~> 3.2.15

Vulnerabilities:

CVE-2015-5211 High severity
CVE-2018-1270 High severity
CVE-2018-1275 High severity
CVE-2015-3192 Moderate severity
CVE-2016-5007 Moderate severity

View 3 more <https://github.com/javaee/metro-jaxws-commons/network/alert/spring/spring-core/pom.xml/org.springframework:spring-core/open>

Defined in: pom.xml

*Review all vulnerable dependencies* <https://github.com/javaee/metro-jaxws-commons/network/alerts>

Warning!

      javaee / *javadb* <https://github.com/javaee/javadb>

*Known security vulnerabilities detected*

Dependency: org.apache.axis:axis
Version: <= 1.4

Vulnerabilities:

CVE-2014-3596 Moderate severity
CVE-2018-8032 Moderate severity

Defined in: pom.xml

*Review all vulnerable dependencies* <https://github.com/javaee/javadb/network/alerts>

Warning!

      javaee / *external* <https://github.com/javaee/external>

*Known security vulnerabilities detected*

Dependency: org.apache.axis:axis
Version: <= 1.4

Vulnerabilities:

CVE-2014-3596 Moderate severity
CVE-2018-8032 Moderate severity

Defined in: pom.xml

*Review all vulnerable dependencies* <https://github.com/javaee/external/network/alerts>


      Eclipse EE4J organization <https://github.com>

Warning!

      eclipse-ee4j / *tyrus* <https://github.com/eclipse-ee4j/tyrus>

*Known security vulnerabilities detected*

Dependency: org.eclipse.jetty:jetty-server
Version: < 9.2.25.v20180606
Upgrade to: ~> 9.2.25.v20180606

Vulnerabilities:

CVE-2017-7657 Critical severity
CVE-2017-7656 Moderate severity

Defined in: pom.xml

*Review all vulnerable dependencies* <https://github.com/eclipse-ee4j/tyrus/network/alerts>

Warning!

      eclipse-ee4j / *grizzly-ahc* <https://github.com/eclipse-ee4j/grizzly-ahc>

*Known security vulnerabilities detected*

Dependency: org.eclipse.jetty:jetty-server
Version: >= 9.4.0 < 9.4.11.v20180605
Upgrade to: ~> 9.4.11.v20180605

Vulnerabilities:

CVE-2018-12538 Moderate severity
CVE-2018-12536 Moderate severity
CVE-2017-7656 Moderate severity

Defined in: pom.xml

*Review all vulnerable dependencies* <https://github.com/eclipse-ee4j/grizzly-ahc/network/alerts>

/Always verify the validity and compatibility of suggestions with your codebase./




_______________________________________________
ee4j-pmc mailing list
ee4j-pmc@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/ee4j-pmc


