Skip to content

Commit

Permalink
Fix for CVE-2976 + add CVE checker (#624) (#625)
Browse files Browse the repository at this point in the history
* Fix for CVE-2976 + add CVE checker

Signed-off-by: Omar Khasawneh <[email protected]>

* Updated Changelog

Signed-off-by: Omar Khasawneh <[email protected]>

---------

Signed-off-by: Omar Khasawneh <[email protected]>
(cherry picked from commit d09bb4e)

Co-authored-by: Omar Khasawneh <[email protected]>
  • Loading branch information
reta and okhasawn authored Sep 15, 2023
1 parent ed66cf6 commit d5340a4
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Fix PutMappingRequest by removing unsupported fields ([#597](https://github.com/opensearch-project/opensearch-java/pull/597))
- [BUG] JarHell caused by latest software.amazon.awssdk 2.20.141 ([#616](https://github.com/opensearch-project/opensearch-java/pull/616))
- Don't over-allocate in HeapBufferedAsyncEntityConsumer in order to consume the response ([#620](https://github.com/opensearch-project/opensearch-java/pull/620))
- Fixed CVE-2976 + added CVE checker ([#624](https://github.com/opensearch-project/opensearch-java/pull/624))

### Security

Expand Down
5 changes: 4 additions & 1 deletion java-client/build.gradle.kts
Original file line number Diff line number Diff line change
Expand Up @@ -49,16 +49,19 @@ plugins {
checkstyle
`maven-publish`
id("com.github.jk1.dependency-license-report") version "2.5"
id("org.owasp.dependencycheck") version "8.4.0"
}

apply(plugin = "org.owasp.dependencycheck")

configurations {
all {
exclude(group = "software.amazon.awssdk", module = "third-party-jackson-core")
}
}

checkstyle {
toolVersion = "10.0"
toolVersion = "10.12.3"
}

java {
Expand Down

0 comments on commit d5340a4

Please sign in to comment.