fix: Upgrade testng to avoid CVE-2022-4065 #18635

Merged
merged 1 commit into from May 11, 2024

Conversation

EstebanDugueperoux2
Contributor

A TestNG upgrade to fix a critical CVE.

PR checklist

  • Read the contribution guidelines.
  • Pull Request title clearly describes the work in the pull request and Pull Request description provides details about how to validate the work. Missing information here may result in delayed response from the community.
  • Run the following to build the project and update samples:
    ./mvnw clean package 
    ./bin/generate-samples.sh ./bin/configs/*.yaml
    ./bin/utils/export_docs_generators.sh
    

@EstebanDugueperoux2
Contributor Author

Hi @wing328, @etherealjoy,

Would it be possible to have this PR integrated in a 7.5.1 release?
Without that, the 7.5.0 release is not usable through Nexus IQ Server or Artifactory, due to security scanners leveraging this critical CVE.

Regards.

@wing328
Member

wing328 commented May 11, 2024

thanks for the PR.

can you please fix the build failure when you've time?

we should be able to release v7.6.0 this week according to the schedule

@EstebanDugueperoux2
Contributor Author

Hi @wing328,

Thanks for the fast reply.
About the CI failure, this does not seem related to my change.
I have closed and reopened this PR and the CI seems good now.

Regards.

@wing328
Member

wing328 commented May 11, 2024

does it build for you locally with mvn clean install?

@EstebanDugueperoux2
Contributor Author

Hmm, indeed, from release 7.6.1 of TestNG a deprecated method has been removed (https://github.com/testng-team/testng/pull/2762/files).
It should be ok now.

@wing328
Member

wing328 commented May 11, 2024

cc @OpenAPITools/generator-core-team

@wing328 wing328 added this to the 7.6.0 milestone May 11, 2024
@wing328 wing328 merged commit 4637658 into OpenAPITools:master May 11, 2024
15 checks passed
@wing328
Member

wing328 commented May 11, 2024

thanks for the fix, which has been merged into master

have a nice weekend

renatomameli pushed a commit to renatomameli/openapi-generator that referenced this pull request May 17, 2024
@EstebanDugueperoux2 EstebanDugueperoux2 deleted the fix/CVE-2022-4065 branch May 17, 2024 11:47
@EstebanDugueperoux2
Contributor Author

Hi @wing328,

Do you still plan a 7.6.0 release today?

Regards.

@wing328
Member

wing328 commented May 21, 2024

released yesterday. please check it out when you've time.

thanks again for the PR
