Skip to content
Snippets Groups Projects

Vulnerability Fixes and Workload Identity Enablement

Merged Vulnerability Fixes and Workload Identity Enablement
vulnerabilities into master
Merged Daniel Scholl (MS] requested to merge vulnerabilities into master

New Feature: Updated OSDU Core Lib Azure supports workload identity capabilities.

Fix: Resolve vulnerabilities in pom.xml

This PR highlights the vulnerabilities that have been resolved in pom.xml. Below is the delta of vulnerabilities that were present in the previous scan but are no longer found in the current state.

Resolved Vulnerabilities:

  1. com.azure:azure-identity
    • Vulnerability: CVE-2024-35255
    • Severity: Medium
    • Issue: Azure Identity Libraries Elevation of Privilege Vulnerability
    • Resolution: Upgraded from 1.11.2 to 1.12.2.

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Daniel Scholl (MS] added 1 commit

    added 1 commit

    Compare with previous version

  • Devin Kelley added 1 commit

    added 1 commit

    • 1f3b9e0a - updated core-lib-azure version and surefire plugin version

    Compare with previous version

  • Devin Kelley added 1 commit

    added 1 commit

    • 8095cb11 - update legal-core to os-core-common 3.3.0

    Compare with previous version

  • Devin Kelley added 25 commits

    added 25 commits

    Compare with previous version

    Toggle commit list
  • Devin Kelley added 1 commit

    added 1 commit

    Compare with previous version

  • Devin Kelley added 1 commit

    added 1 commit

    Compare with previous version

  • Daniel Scholl (MS] added 1 commit

    added 1 commit

    • 8923e102 - Updating to latest azure library.

    Compare with previous version

  • Daniel Scholl (MS] added 1 commit

    added 1 commit

    • cda7bbc8 - Updated legal to use latest base container.

    Compare with previous version

  • Daniel Scholl (MS]
    Daniel Scholl (MS] @danielscholl started a thread on an old version of the diff
    • provider/legal-azure/pom.xml
    95 </dependency>
    25 <parent>
    26 <artifactId>legal-service</artifactId>
    27 <groupId>org.opengroup.osdu.legal</groupId>
    28 <version>0.28.0-SNAPSHOT</version>
    29 <relativePath>../../pom.xml</relativePath>
    30 </parent>
    96 31
    97 <!--explicitly load latest compatible version with security fix in it-->
    98 <dependency>
    99 <groupId>com.fasterxml.woodstox</groupId>
    100 <artifactId>woodstox-core</artifactId>
    101 <version>${woodstox-core.version}</version>
    102 </dependency>
    32 <properties>
    33 <core-lib-azure.version>trusted-vulnerabilities-SNAPSHOT</core-lib-azure.version>
  • Daniel Scholl (MS] added 1 commit

    added 1 commit

    Compare with previous version

  • Daniel Scholl (MS] added 1 commit

    added 1 commit

    • d59f1a48 - Bumped os-core-lib version to release.

    Compare with previous version

  • Daniel Scholl (MS] added 1 commit

    added 1 commit

    • 0ac71b04 - Updated pom to be compatable with new version of os core lib azure.

    Compare with previous version

  • Daniel Scholl (MS] added 1 commit

    added 1 commit

    Compare with previous version

  • Daniel Scholl (MS] added 1 commit

    added 1 commit

    Compare with previous version

  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
    • Please register or sign in to reply