Vulnerability Fixes and Workload Identity Enablement (!631) · Merge requests · OSDU / OSDU Data Platform / Security and Compliance / Legal

Daniel Scholl (MS] requested to merge vulnerabilities into master Dec 11, 2024

New Feature: Updated OSDU Core Lib Azure supports workload identity capabilities.

Fix: Resolve vulnerabilities in `pom.xml`

This PR highlights the vulnerabilities that have been resolved in pom.xml. Below is the delta of vulnerabilities that were present in the previous scan but are no longer found in the current state.

Resolved Vulnerabilities:

com.azure:azure-identity
- Vulnerability: CVE-2024-35255
- Severity: Medium
- Issue: Azure Identity Libraries Elevation of Privilege Vulnerability
- Resolution: Upgraded from 1.11.2 to 1.12.2.

Vulnerability Fixes and Workload Identity Enablement

New Feature: Updated OSDU Core Lib Azure supports workload identity capabilities.

Fix: Resolve vulnerabilities in pom.xml

Resolved Vulnerabilities:

Merge request reports

Fix: Resolve vulnerabilities in `pom.xml`