Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix test for CVE-2019-0225 #37

Merged
merged 5 commits into from
Sep 28, 2023
Merged

Fix test for CVE-2019-0225 #37

merged 5 commits into from
Sep 28, 2023

Conversation

wtwhite
Copy link
Collaborator

@wtwhite wtwhite commented Sep 28, 2023

Fixes #36, the same way apache/jspwiki@3ad9e5e fixed the broken test originally introduced in apache/jspwiki@88d89d6.

@wtwhite wtwhite self-assigned this Sep 28, 2023
@wtwhite
Copy link
Collaborator Author

wtwhite commented Sep 28, 2023

a24b7a8 changes the metadata from the GAV mentioned in the GHSA to agree with pom.xml (which works, and is the same GAV as vul4j used), and that's enough to get shadedetector working. The other direction (changing the pom.xml GAV to agree with the GHSA) would be more ideal, but I couldn't get it to work -- the jspwiki-war artifact is packaged only as a .war file, and getting .war files to work as dependencies in Maven looks complicated.

@wtwhite wtwhite merged commit 4906c36 into main Sep 28, 2023
2 checks passed
@wtwhite wtwhite deleted the fix-test-cve-2019-0225 branch September 28, 2023 10:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jensdietrich jensdietrich Awaiting requested review from jensdietrich

Assignees

@wtwhite wtwhite

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CVE-2019-0225: articleId in pov-project.json != articleId in pom.xml, also version should already be patched
1 participant
@wtwhite