Skip to content

Update gson version to fix sonatype-2025-000535 #572

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

Update gson version to fix sonatype-2025-000535 #572

wants to merge 4 commits into from

Conversation

silviuburceadev
Copy link

gson has fixed sonatype-2025-000535 on their side in version 2.12.0 , so bumping the version in split.io Java client.

See gson 2.12.0 Release notes https://github.com/google/gson/releases/tag/gson-parent-2.12.0, in particular this one:

chillaq and others added 3 commits April 17, 2025 10:06
@chillaq
Merge pull request splitio#546 from splitio/development

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
Loading
Loading status checks…
5130220 
Release 4.15.0
@chillaq
Merge pull request splitio#571 from splitio/development

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
Loading
Loading status checks…
193f3c4 
Release 4.16.0
@silviuburceadev
Update gson version to fix sonatype-2025-000535

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
4fe4ac5
@silviuburceadev silviuburceadev requested a review from a team as a code owner June 4, 2025 08:27
@silviuburceadev silviuburceadev mentioned this pull request Jun 4, 2025
Open
@silviuburceadev
Copy link
Author

@chillaq Is there anything I need to do to have this merged, so we can get rid of the vulnerability?

@silviuburceadev silviuburceadev changed the base branch from master to development July 14, 2025 05:08
@silviuburceadev
Merge branch 'development' into patch-2

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
fd92c57
@robsmorenburg
Copy link

robsmorenburg commented Jul 14, 2025
edited
Loading

+1

This PR was created 1 month ago. What is the status?

@agustinona
Copy link

Hi @silviuburceadev and @robsmorenburg apologies for the lack of updates here. This PR is scheduled to be included in our next release.

@robsmorenburg
Copy link

Good to hear. What is the planned release date?

Each week we re-evaluate the situation.
Our options are limited.
It impacts squads and our products.

@agustinona
Copy link

@robsmorenburg version 4.16.1-rc1 is already available for you to test, and the stable release is expected to be live by tomorrow EOD.

@sanzmauro
Copy link
Contributor

Hi @silviuburceadev and @robsmorenburg,

We’ve released version 4.16.1
I’m going to close this ticket, but feel free to reopen it if needed

@sanzmauro sanzmauro closed this Jul 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@silviuburceadev @robsmorenburg @agustinona @sanzmauro @chillaq