Security alerts on GitHub
I don’t get these at a PMC level.
*From:* ee4j-pmc-bounces@xxxxxxxxxxx <ee4j-pmc-bounces@xxxxxxxxxxx> *On Behalf Of* Bill Shannon
*Sent:* 30 October 2018 23:55
*To:* EE4J PMC Discussions <ee4j-pmc@xxxxxxxxxxx>
*Subject:* [ee4j-pmc] Fwd: Your GitHub security alerts for the week of Oct 23 - Oct 30
Is anyone on the PMC tracking these security alerts?
Shouldn't someone ensure that the EE4J projects are responding to these in a
timely manner?
(Obviously ignore the "javaee" entries below.)
-------- Forwarded Message --------
*Subject:* Your GitHub security alerts for the week of Oct 23 - Oct 30
*Date:* Tue, 30 Oct 2018 17:36:28 +0000 (UTC)
*From:* GitHub <noreply@xxxxxxxxxx>
*To:* Bill Shannon <bill.shannon@xxxxxxxxxx>
GitHub security alert digest
*bshannon’s* repository security updates from the week of *Oct 23 - Oct 30*
Java EE organization <https://github.com>
Warning!
javaee / *metro-jaxws-commons* <https://github.com/javaee/metro-jaxws-commons>
*Known security vulnerabilities detected*
Dependency: org.springframework:spring-core
Version: > 3.2.0 < 3.2.15
Upgrade to: ~> 3.2.15
Vulnerabilities
CVE-2015-5211 High severity
CVE-2018-1270 High severity
CVE-2018-1275 High severity
CVE-2015-3192 Moderate severity
CVE-2016-5007 Moderate severity
View 3 more
<https://github.com/javaee/metro-jaxws-commons/network/alert/spring/spring-core/pom.xml/org.springframework:spring-core/open>
Defined in: pom.xml
*Review all vulnerable dependencies*
<https://github.com/javaee/metro-jaxws-commons/network/alerts>
Warning!
javaee / *javadb* <https://github.com/javaee/javadb>
*Known security vulnerabilities detected*
Dependency: org.apache.axis:axis
Version: <= 1.4
Vulnerabilities
CVE-2014-3596 Moderate severity
CVE-2018-8032 Moderate severity
Defined in: pom.xml
*Review all vulnerable dependencies*
<https://github.com/javaee/javadb/network/alerts>
Warning!
javaee / *external* <https://github.com/javaee/external>
*Known security vulnerabilities detected*
Dependency: org.apache.axis:axis
Version: <= 1.4
Vulnerabilities
CVE-2014-3596 Moderate severity
CVE-2018-8032 Moderate severity
Defined in: pom.xml
*Review all vulnerable dependencies*
<https://github.com/javaee/external/network/alerts>
Eclipse EE4J organization <https://github.com>
Warning!
eclipse-ee4j / *tyrus* <https://github.com/eclipse-ee4j/tyrus>
*Known security vulnerabilities detected*
Dependency: org.eclipse.jetty:jetty-server
Version: < 9.2.25.v20180606
Upgrade to: ~> 9.2.25.v20180606
Vulnerabilities
CVE-2017-7657 Critical severity
CVE-2017-7656 Moderate severity
Defined in: pom.xml
*Review all vulnerable dependencies*
<https://github.com/eclipse-ee4j/tyrus/network/alerts>
Warning!
eclipse-ee4j / *grizzly-ahc* <https://github.com/eclipse-ee4j/grizzly-ahc>
*Known security vulnerabilities detected*
Dependency: org.eclipse.jetty:jetty-server
Version: >= 9.4.0 < 9.4.11.v20180605
Upgrade to: ~> 9.4.11.v20180605
Vulnerabilities
CVE-2018-12538 Moderate severity
CVE-2018-12536 Moderate severity
CVE-2017-7656 Moderate severity
Defined in: pom.xml
*Review all vulnerable dependencies*
<https://github.com/eclipse-ee4j/grizzly-ahc/network/alerts>
/Always verify the validity and compatibility of suggestions with your codebase./