Vulnerability Fixes and Workload Identity Enablement
New Feature: Updated OSDU Core Lib Azure supports workload identity capabilities.
Fix: Resolve vulnerabilities in pom.xml
This PR highlights the vulnerabilities that have been resolved in pom.xml. Below is the delta of vulnerabilities that were present in the previous scan but are no longer found in the current state.
Resolved Vulnerabilities:
- com.azure:azure-identity
  - Vulnerability: CVE-2024-35255
  - Severity: Medium
  - Issue: Azure Identity Libraries Elevation of Privilege Vulnerability
  - Resolution: Upgraded from 1.11.2 to 1.12.2.
Activity
changed milestone to %M25 - Release 0.28
requested review from @danielscholl
assigned to @danielscholl
requested review from @dekelle
added Azure Impact Major MR Dependencies Upgrade Vulnerability Management labels
- Resolved by Daniel Scholl (MS]
added 1 commit
- 1f3b9e0a - updated core-lib-azure version and surefire plugin version
added 25 commits
- 8095cb11...635b9674 - 10 commits from branch master
- 635b9674...29a76232 - 5 earlier commits
- cd15478d - Added dependency to IBM pom file to reference os-core-common-spring6
- ad9a90e9 - Added dependency for springdoc-openapi
- 60a0e4a7 - Added starter web to fix vulns.
- fe86fa2b - Added vuln fix
- 2990324c - Added vuln fix
- 04661da1 - Added surefire plugin.
- 8b1887be - Fossa Notice updated
- 4076c93e - updated core-lib-azure version and surefire plugin version
- f3e44e18 - update legal-core to os-core-common 3.3.0
- 82c08d16 - Rebase vulnerabilities branch to master
95 </dependency> 25 <parent> 26 <artifactId>legal-service</artifactId> 27 <groupId>org.opengroup.osdu.legal</groupId> 28 <version>0.28.0-SNAPSHOT</version> 29 <relativePath>../../pom.xml</relativePath> 30 </parent> 96 31 97 <!--explicitly load latest compatible version with security fix in it--> 98 <dependency> 99 <groupId>com.fasterxml.woodstox</groupId> 100 <artifactId>woodstox-core</artifactId> 101 <version>${woodstox-core.version}</version> 102 </dependency> 32 <properties> 33 <core-lib-azure.version>trusted-vulnerabilities-SNAPSHOT</core-lib-azure.version> changed this line in version 11 of the diff
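Review bot: In the `<properties>` block, `core-lib-azure.version` is set to `trusted-vulnerabilities-SNAPSHOT`, which is a branch snapshot rather than a released version. Maven snapshots are mutable, so the artifact resolved at build time can differ from the one the vulnerability scan saw, and the azure-identity upgrade this MR relies on is not pinned by anything visible here. Please point the property at a released core-lib-azure version before merge. Separately, the woodstox-core dependency takes its version from `${woodstox-core.version}`, whose definition is not visible in this hunk; it is worth confirming that the property is defined in this pom or its parent and carries the version the comment above it refers to.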
added 1 commit
- 0ac71b04 - Updated pom to be compatible with new version of os core lib azure.