Skip to content
This repository has been archived by the owner on Jul 6, 2022. It is now read-only.

Commit

Permalink
Version 0.19.9
Browse files Browse the repository at this point in the history 
- Bumped Jackson dependency version in response to CVE-2019-20330 and
  CVE-2020-8840
  • Loading branch information
@emlun
emlun committed Mar 5, 2020
2 parents 825fb18 + c86fc37 commit 2aa0416
Show file tree
Hide file tree
Showing 8 changed files with 52 additions and 12 deletions.
35 changes: 35 additions & 0 deletions .github/workflows/scan.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: static code analysis

on:
push:
schedule:
- cron: '0 0 * * 1'

env:
SCAN_IMG:
yes-docker-local.artifactory.in.yubico.org/static-code-analysis/java:v1

jobs:
build:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@master

- name: Prep scan
run: |
docker login yes-docker-local.artifactory.in.yubico.org/ \
-u svc-static-code-analysis-reader \
-p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
docker pull ${SCAN_IMG}
- name: Scan and fail on warnings
run: |
docker run -v${PWD}:/k \
-e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
- uses: actions/upload-artifact@master
if: failure()
with:
name: suppression_files
path: suppression_files
5 changes: 5 additions & 0 deletions NEWS
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
== Version 0.19.9 ==

* Bumped Jackson dependency to version 2.9.10.3 in response to CVE-2019-20330 and CVE-2020-8840


== Version 0.19.8 ==

* Bumped Jackson dependency to version 2.9.10.1 which has patched CVE-2019-16942
Expand Down
4 changes: 2 additions & 2 deletions README
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,14 @@ Maven:
<dependency>
<groupId>com.yubico</groupId>
<artifactId>u2flib-server-core</artifactId>
<version>0.19.8</version>
<version>0.19.9</version>
</dependency>

Gradle:
[source, groovy]
repositories{ mavenCentral() }
dependencies {
compile 'com.yubico:u2flib-server-core:0.19.8'
compile 'com.yubico:u2flib-server-core:0.19.9'
}

=== Example Usage
Expand Down
4 changes: 2 additions & 2 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ allprojects {
}

group = 'com.yubico'
version = '0.19.8'
version = '0.19.9'

sourceCompatibility = 1.6
targetCompatibility = 1.6
Expand All @@ -52,7 +52,7 @@ allprojects {
repositories {
mavenLocal()

maven { url "http://repo.maven.apache.org/maven2" }
maven { url "https://repo.maven.apache.org/maven2" }
}
}

Expand Down
2 changes: 1 addition & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
<groupId>com.yubico</groupId>
<artifactId>u2flib-server-parent</artifactId>
<packaging>pom</packaging>
<version>0.19.8</version>
<version>0.19.9</version>
<name>U2F parent</name>
<description>Java server-side library for U2F</description>
<properties>
Expand Down
4 changes: 2 additions & 2 deletions u2flib-server-attestation/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<parent>
<artifactId>u2flib-server-parent</artifactId>
<groupId>com.yubico</groupId>
<version>0.19.8</version>
<version>0.19.9</version>
</parent>
<modelVersion>4.0.0</modelVersion>

Expand All @@ -14,7 +14,7 @@
<dependency>
<groupId>com.yubico</groupId>
<artifactId>u2flib-server-core</artifactId>
<version>0.19.8</version>
<version>0.19.9</version>
</dependency>
</dependencies>

Expand Down
4 changes: 2 additions & 2 deletions u2flib-server-core/pom.xml
100755 → 100644
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<parent>
<artifactId>u2flib-server-parent</artifactId>
<groupId>com.yubico</groupId>
<version>0.19.8</version>
<version>0.19.9</version>
</parent>
<modelVersion>4.0.0</modelVersion>

Expand All @@ -24,7 +24,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.10.1</version>
<version>2.9.10.3</version>
</dependency>
</dependencies>
</project>
6 changes: 3 additions & 3 deletions u2flib-server-demo/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<parent>
<artifactId>u2flib-server-parent</artifactId>
<groupId>com.yubico</groupId>
<version>0.19.8</version>
<version>0.19.9</version>
</parent>
<artifactId>u2flib-server-demo</artifactId>
<name>U2F demo</name>
Expand All @@ -14,12 +14,12 @@
<dependency>
<groupId>com.yubico</groupId>
<artifactId>u2flib-server-core</artifactId>
<version>0.19.8</version>
<version>0.19.9</version>
</dependency>
<dependency>
<groupId>com.yubico</groupId>
<artifactId>u2flib-server-attestation</artifactId>
<version>0.19.8</version>
<version>0.19.9</version>
</dependency>
<dependency>
<groupId>io.dropwizard</groupId>
Expand Down

0 comments on commit 2aa0416

Please sign in to comment.