Comparing changes

base repository: sumeet-devops/docker-java-sample
base: master
head repository: arun-gupta/docker-java-sample
compare: master
  • 2 commits
  • 1 file changed
  • 3 contributors

Commits on Dec 16, 2023

  1. vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291

    This fixes a security vulnerability in this project where the `pom.xml`
    files were configuring Maven to resolve dependencies over HTTP instead of
    HTTPS.
    
    Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
    Severity: High
    CVSS: 8.1
    Detection: CodeQL & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)
    
    Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
    Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
    
    Bug-tracker: JLLeitschuh/security-research#8
    Detection: CodeQL (https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)
    
    Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
    Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
    
    Bug-tracker: JLLeitschuh/security-research#8
    
    
    Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/IfHkrYfxx?organizationId=QWxsIEdpdEh1Yg%3D%3D
    
    Co-authored-by: Moderne <team@moderne.io>
    JLLeitschuh and TeamModerne committed Dec 16, 2023
    b55cba8

Commits on Dec 18, 2023

  1. Merge pull request arun-gupta#24 from BulkSecurityGeneratorProjectV2/…

    …fix/JLL/use_https_to_resolve_dependencies_maven
    
    [SECURITY] Use HTTPS to resolve dependencies in Maven Build
    arun-gupta authored Dec 18, 2023
    d7f3907