Vulnerability Fixes and Workload Identity Enablement

Merged Daniel Scholl (MS] requested to merge vulnerabilities into master

New Feature: Updated OSDU Core Lib Azure supports workload identity capabilities.

Fix: Resolve vulnerabilities in pom.xml

This PR highlights the vulnerabilities that have been resolved in pom.xml. Below is the delta of vulnerabilities that were present in the previous scan but are no longer found in the current state.

Resolved Vulnerabilities:

  1. com.azure:azure-identity
    • Vulnerability: CVE-2024-35255
    • Severity: Medium
    • Issue: Azure Identity Libraries Elevation of Privilege Vulnerability
    • Resolution: Upgraded from 1.11.2 to 1.12.2.
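
A build-time guard that fails the build if any `com.azure:azure-identity` older than the 1.12.2 named above is resolved, directly or transitively. This is an added example, not part of this merge request or the project's pom.xml; the plugin version and the execution id are illustrative assumptions.

```xml
<!-- Added example: goes under <build><plugins> of the service pom.xml. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <!-- Assumed plugin version; use whatever the build already manages. -->
  <version>3.4.1</version>
  <executions>
    <execution>
      <!-- Hypothetical execution id chosen for this example. -->
      <id>ban-azure-identity-cve-2024-35255</id>
      <phase>validate</phase>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <bannedDependencies>
            <!-- The rule checks transitive dependencies by default, so a
                 copy pulled in through another library is caught too. -->
            <excludes>
              <!-- Version range: everything strictly below 1.12.2,
                   the version this MR upgrades to. -->
              <exclude>com.azure:azure-identity:(,1.12.2)</exclude>
            </excludes>
            <message>azure-identity below 1.12.2 is affected by CVE-2024-35255; upgrade or pin via dependencyManagement.</message>
          </bannedDependencies>
        </rules>
        <fail>true</fail>
      </configuration>
    </execution>
  </executions>
</plugin>
```

Running `mvn validate` is enough to trigger the rule, so it can sit early in a CI pipeline ahead of compilation and tests.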

Activity

  • added 1 commit

  • Devin Kelley added 1 commit

    • 1f3b9e0a - updated core-lib-azure version and surefire plugin version

  • Devin Kelley added 1 commit

    • 8095cb11 - update legal-core to os-core-common 3.3.0

  • Devin Kelley added 25 commits

  • Devin Kelley added 1 commit

  • Devin Kelley added 1 commit

  • added 1 commit

    • 8923e102 - Updating to latest azure library.

  • added 1 commit

    • cda7bbc8 - Updated legal to use latest base container.


  • 95 </dependency>
    25 <parent>
    26 <artifactId>legal-service</artifactId>
    27 <groupId>org.opengroup.osdu.legal</groupId>
    28 <version>0.28.0-SNAPSHOT</version>
    29 <relativePath>../../pom.xml</relativePath>
    30 </parent>
    96 31
    97 <!--explicitly load latest compatible version with security fix in it-->
    98 <dependency>
    99 <groupId>com.fasterxml.woodstox</groupId>
    100 <artifactId>woodstox-core</artifactId>
    101 <version>${woodstox-core.version}</version>
    102 </dependency>
    32 <properties>
    33 <core-lib-azure.version>trusted-vulnerabilities-SNAPSHOT</core-lib-azure.version>
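
    Review bot: `<core-lib-azure.version>` on the last line is set to `trusted-vulnerabilities-SNAPSHOT`, a mutable branch snapshot, so the dependency set this build resolves can change from one build to the next without any change to this pom; pin it to a released core-lib-azure version before this merges to master. The added/removed markers are not visible in this rendering, so if the explicit `woodstox-core` override under the "explicitly load latest compatible version with security fix in it" comment is being dropped here, confirm that the version now resolved transitively still carries that fix.
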
  • added 1 commit

  • added 1 commit

    • d59f1a48 - Bumped os-core-lib version to release.

  • added 1 commit

    • 0ac71b04 - Updated pom to be compatible with new version of os core lib azure.

  • added 1 commit

  • added 1 commit
