[jenkinsci/dependency-check-plugin] c10d14: Address CVE-2021-43577

Thu, 18 Nov 2021 05:20:06 -0800 

  Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/dependency-check-plugin
  Commit: c10d1496f9f0301e276daecea88161a905fca6d4
      
https://github.com/jenkinsci/dependency-check-plugin/commit/c10d1496f9f0301e276daecea88161a905fca6d4
  Author: William Whittle <whitt...@users.noreply.github.com>
  Date:   2021-11-17 (Wed, 17 Nov 2021)

  Changed paths:
    M .gitignore
    M 
src/main/java/org/jenkinsci/plugins/DependencyCheck/model/ReportParser.java
    M 
src/test/java/org/jenkinsci/plugins/dependencycheck/DependencyCheckWorkflowTest.java
    A 
src/test/java/org/jenkinsci/plugins/dependencycheck/model/ReportParserTest.java
    A 
src/test/resources/org/jenkinsci/plugins/dependencycheck/model/dependency-check-report-external-entities.xml

  Log Message:
  -----------
  Address CVE-2021-43577

Follow guidance at 
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html


  Commit: 6c584680f73730b903b74ab95cc4c81e06687f90
      
https://github.com/jenkinsci/dependency-check-plugin/commit/6c584680f73730b903b74ab95cc4c81e06687f90
  Author: William Whittle <whitt...@users.noreply.github.com>
  Date:   2021-11-17 (Wed, 17 Nov 2021)

  Changed paths:
    M .gitignore

  Log Message:
  -----------
  Newline at end of file


  Commit: c874d0c1cd61eb3d8421eabe7cd01725b7c14183
      
https://github.com/jenkinsci/dependency-check-plugin/commit/c874d0c1cd61eb3d8421eabe7cd01725b7c14183
  Author: William Whittle <whitt...@users.noreply.github.com>
  Date:   2021-11-17 (Wed, 17 Nov 2021)

  Changed paths:
    M .gitignore

  Log Message:
  -----------
  Remove webapp ignores


  Commit: 12b2176c65dfbe7ac752a8c0c3cd5f83be3cf4dd
      
https://github.com/jenkinsci/dependency-check-plugin/commit/12b2176c65dfbe7ac752a8c0c3cd5f83be3cf4dd
  Author: William Whittle <whitt...@users.noreply.github.com>
  Date:   2021-11-17 (Wed, 17 Nov 2021)

  Changed paths:
    M 
src/test/java/org/jenkinsci/plugins/dependencycheck/DependencyCheckWorkflowTest.java

  Log Message:
  -----------
  Correct case on packages


  Commit: 6fea5b18405864390eb247b0785e835f98e02b73
      
https://github.com/jenkinsci/dependency-check-plugin/commit/6fea5b18405864390eb247b0785e835f98e02b73
  Author: William Whittle <whitt...@users.noreply.github.com>
  Date:   2021-11-17 (Wed, 17 Nov 2021)

  Changed paths:
    A 
src/test/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckWorkflowTest.java
    A 
src/test/java/org/jenkinsci/plugins/DependencyCheck/model/ReportParserTest.java
    R 
src/test/java/org/jenkinsci/plugins/dependencycheck/DependencyCheckWorkflowTest.java
    R 
src/test/java/org/jenkinsci/plugins/dependencycheck/model/ReportParserTest.java
    A 
src/test/resources/org/jenkinsci/plugins/DependencyCheck/model/dependency-check-report-external-entities.xml
    A 
src/test/resources/org/jenkinsci/plugins/DependencyCheck/parser/dependency-check-report.xml
    A 
src/test/resources/org/jenkinsci/plugins/DependencyCheck/parser/dependency-check-report1.xml
    A 
src/test/resources/org/jenkinsci/plugins/DependencyCheck/parser/dependency-check-report2.xml
    R 
src/test/resources/org/jenkinsci/plugins/dependencycheck/model/dependency-check-report-external-entities.xml
    R 
src/test/resources/org/jenkinsci/plugins/dependencycheck/parser/dependency-check-report.xml
    R 
src/test/resources/org/jenkinsci/plugins/dependencycheck/parser/dependency-check-report1.xml
    R 
src/test/resources/org/jenkinsci/plugins/dependencycheck/parser/dependency-check-report2.xml

  Log Message:
  -----------
  Correct case of the directories to match the code


  Commit: 8fe0d87f02b65b2ea96c78e6af3c256c60e3a6f2
      
https://github.com/jenkinsci/dependency-check-plugin/commit/8fe0d87f02b65b2ea96c78e6af3c256c60e3a6f2
  Author: kudos-dude <3792426+kudos-d...@users.noreply.github.com>
  Date:   2021-11-18 (Thu, 18 Nov 2021)

  Changed paths:
    M .gitignore
    M 
src/main/java/org/jenkinsci/plugins/DependencyCheck/model/ReportParser.java
    A 
src/test/java/org/jenkinsci/plugins/DependencyCheck/DependencyCheckWorkflowTest.java
    A 
src/test/java/org/jenkinsci/plugins/DependencyCheck/model/ReportParserTest.java
    R 
src/test/java/org/jenkinsci/plugins/dependencycheck/DependencyCheckWorkflowTest.java
    A 
src/test/resources/org/jenkinsci/plugins/DependencyCheck/model/dependency-check-report-external-entities.xml
    A 
src/test/resources/org/jenkinsci/plugins/DependencyCheck/parser/dependency-check-report.xml
    A 
src/test/resources/org/jenkinsci/plugins/DependencyCheck/parser/dependency-check-report1.xml
    A 
src/test/resources/org/jenkinsci/plugins/DependencyCheck/parser/dependency-check-report2.xml
    R 
src/test/resources/org/jenkinsci/plugins/dependencycheck/parser/dependency-check-report.xml
    R 
src/test/resources/org/jenkinsci/plugins/dependencycheck/parser/dependency-check-report1.xml
    R 
src/test/resources/org/jenkinsci/plugins/dependencycheck/parser/dependency-check-report2.xml

  Log Message:
  -----------
  Merge pull request #41 from whittlec/CVE-2021-43577

CVE 2021 43577


Compare: 
https://github.com/jenkinsci/dependency-check-plugin/compare/8e200a635003...8fe0d87f02b6

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-commits+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/dependency-check-plugin/push/refs/heads/master/8e200a-8fe0d8%40github.com.

Reply via email to