Bumped up the Dropwizard version to address the Security Vulnerabilities #3051


Open: wants to merge 1 commit into main

Conversation

rangansa

@rangansa rangansa commented Apr 6, 2025

Problem

The current versions of several Dropwizard components contain known security vulnerabilities, including CVE-2024-6763. To mitigate these risks and ensure the application remains secure, it is necessary to upgrade the affected Dropwizard libraries to version 4.0.13. This upgrade addresses high and critical severity issues, enhancing the overall security posture of the system.

Issue: #3040

Solution

The following JARs need to be upgraded to address the high and critical security vulnerabilities:

  1. io.dropwizard:dropwizard-logging
    Upgrade the version to 4.0.13 [https://mvnrepository.com/artifact/io.dropwizard/dropwizard-logging/4.0.13]

  2. io.dropwizard:dropwizard-request-logging
    Upgrade the version to 4.0.13 [https://mvnrepository.com/artifact/io.dropwizard/dropwizard-request-logging/4.0.13]
    CVE-2024-6763 - Low Priority (3.7) and can be ignored for now

  3. io.dropwizard:dropwizard-json-logging
    Upgrade the version to 4.0.13 [https://mvnrepository.com/artifact/io.dropwizard/dropwizard-json-logging/4.0.13]
    CVE-2024-6763 - Low Priority (3.7) and can be ignored for now

  4. io.dropwizard:dropwizard-http2
    Upgrade the version to 4.0.13 [https://mvnrepository.com/artifact/io.dropwizard/dropwizard-http2/4.0.13]
    CVE-2024-6763 - Low Priority (3.7) and can be ignored for now

One-line summary: Dropwizard version has been upgraded to address security vulnerability issues.

Checklist

  • You've signed-off your work
  • [NA] Your changes are accompanied by tests (if relevant)
  • Your change contains a small diff and is self-contained
  • [NA] You've updated any relevant documentation (if relevant)
  • [NA] You've included a one-line summary of your change for the CHANGELOG.md (Depending on the change, this may not be necessary).
  • [NA] You've versioned your .sql database schema migration according to Flyway's naming convention (if relevant)
  • [NA] You've included a header in any source code files (if relevant)
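As an added check that is not part of this PR or of the Marquez project: a small script that reads a `./gradlew dependencies` tree and flags any of the four artifacts listed above that resolve below 4.0.13. The dependency tree embedded below is a constructed sample, not real Marquez build output, and Gradle's `requested -> resolved` notation is what the parser expects.

```python
"""Flag Dropwizard artifacts that resolve below the minimum version this PR targets."""
import re
from typing import Dict, List, Tuple

# Artifacts named in the PR and the minimum version it requires for each.
REQUIRED: Dict[str, Tuple[int, ...]] = {
    "io.dropwizard:dropwizard-logging": (4, 0, 13),
    "io.dropwizard:dropwizard-request-logging": (4, 0, 13),
    "io.dropwizard:dropwizard-json-logging": (4, 0, 13),
    "io.dropwizard:dropwizard-http2": (4, 0, 13),
}

# One Gradle dependency-tree line, e.g.
#   +--- io.dropwizard:dropwizard-http2:4.0.1 -> 4.0.13
# captures the coordinate and, when present, the resolved (post-conflict) version.
_LINE = re.compile(
    r"(?P<coord>[\w.\-]+:[\w.\-]+):(?P<requested>[\w.\-]+)"
    r"(?:\s+->\s+(?P<resolved>[\w.\-]+))?"
)

# Constructed sample output; the http2 artifact is deliberately left behind.
SAMPLE_TREE = """\
compileClasspath - Compile classpath for source set 'main'.
+--- io.dropwizard:dropwizard-core:4.0.13
|    +--- io.dropwizard:dropwizard-logging:4.0.13
|    \\--- io.dropwizard:dropwizard-request-logging:4.0.13
+--- io.dropwizard:dropwizard-json-logging:4.0.1 -> 4.0.13
\\--- io.dropwizard:dropwizard-http2:4.0.1
"""

def parse_version(text: str) -> Tuple[int, ...]:
    """'4.0.13' -> (4, 0, 13); numeric components only, so tuples compare correctly."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def resolved_versions(tree: str) -> Dict[str, Tuple[int, ...]]:
    """Map each coordinate in a Gradle dependency tree to the version Gradle resolved."""
    found: Dict[str, Tuple[int, ...]] = {}
    for line in tree.splitlines():
        m = _LINE.search(line)
        if m:
            found[m["coord"]] = parse_version(m["resolved"] or m["requested"])
    return found

def outdated(tree: str) -> List[str]:
    """Required coordinates that are missing from the tree or resolve below the minimum."""
    found = resolved_versions(tree)
    return sorted(c for c, minimum in REQUIRED.items() if found.get(c, ()) < minimum)
```

Running `outdated(SAMPLE_TREE)` on the sample reports only `io.dropwizard:dropwizard-http2`, because the json-logging entry was requested at 4.0.1 but resolved by conflict resolution to 4.0.13.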


boring-cyborg bot commented Apr 6, 2025

Thanks for opening your first pull request in the Marquez project! Please check out our contributing guidelines (https://github.com/MarquezProject/marquez/blob/main/CONTRIBUTING.md).


netlify bot commented Apr 6, 2025

Deploy Preview for peppy-sprite-186812 failed.

Latest commit: e254c30
Latest deploy log: https://app.netlify.com/sites/peppy-sprite-186812/deploys/67f1fdc8fee27c0008e58289

@rangansa rangansa marked this pull request as draft April 6, 2025 04:09

@rangansa rangansa left a comment


@wslulciuc - Can you please review my changes? Thanks.

@rangansa rangansa marked this pull request as ready for review April 6, 2025 04:11