Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency org.codehaus.groovy:groovy-all to v2 [security] - autoclosed #262

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 17, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.codehaus.groovy:groovy-all (source) 1.8.9 -> 2.4.8 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2015-3253

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

CVE-2016-6814

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Sorry, something went wrong.

@renovate renovate bot force-pushed the renovate/maven-org.codehaus.groovy-groovy-all-vulnerability branch 2 times, most recently from 4e7e3ee to 7eb3029 Compare October 23, 2024 01:16

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
…curity]
@renovate renovate bot force-pushed the renovate/maven-org.codehaus.groovy-groovy-all-vulnerability branch from 7eb3029 to 671a1d1 Compare January 30, 2025 22:30
@renovate renovate bot changed the title fix(deps): update dependency org.codehaus.groovy:groovy-all to v2 [security] fix(deps): update dependency org.codehaus.groovy:groovy-all to v2 [security] - autoclosed Jan 30, 2025
@renovate renovate bot closed this Jan 30, 2025
@renovate renovate bot deleted the renovate/maven-org.codehaus.groovy-groovy-all-vulnerability branch January 30, 2025 22:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

0 participants