- Task
- Resolution: Fixed
- Neutral
- BOM 6.2.34
- None
- Yes
- DevX 43
- Yes
[ERROR] One or more dependencies were identified with vulnerabilities: [graphql-java-17.6.jar/META-INF/maven/com.google.guava/guava/pom.xml: CVE-2023-2976(6.2)
[ERROR] magnolia-dx-core-demo-webapp-6.3-SNAPSHOT.war: graphql-java-17.6.jar/META-INF/maven/com.google.guava/guava/pom.xml: CVE-2023-2976(6.2)
Not an actual vulnerability; see below for why.
We don't actually use the affected classes in CVE-2023-2976, so this library was never vulnerable to CVE-2023-2976. However, in #3239 we received reports that security scanners have mistakenly flagged graphql-java as vulnerable because we do still include the Guava POM inside the META-INF directory of our jar.
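One way to triage this kind of finding is to check whether the jar carries only the embedded Guava POM or also the affected classes. The sketch below is an added example, not code from this ticket or from graphql-java. It assumes, from the public CVE-2023-2976 description rather than from this page, that the affected class is `FileBackedOutputStream`, and the sample jar layout, including the `graphql/` relocation prefix, is constructed.

```python
import io
import zipfile

# Assumption (public CVE-2023-2976 description, not stated on this page):
# the flaw lives in Guava's com.google.common.io.FileBackedOutputStream.
AFFECTED = ("com/google/common/io/FileBackedOutputStream",)


def triage_embedded_dependency(jar, group_id, artifact_id, affected=AFFECTED):
    """Explain a scanner match on a bundled dependency inside a jar."""
    pom_prefix = f"META-INF/maven/{group_id}/{artifact_id}/"
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
    # Scanners key on this metadata, whether or not the code is shipped.
    metadata = [n for n in names if n.startswith(pom_prefix)]
    classes = [n[:-len(".class")] for n in names if n.endswith(".class")]
    hits = []
    for cls in classes:
        outer = cls.split("$")[0]  # inner classes count as the outer class
        # Suffix match on a path boundary also finds relocated (shaded) copies.
        if any(outer == a or outer.endswith("/" + a) for a in affected):
            hits.append(cls)
    if hits:
        verdict = "affected-code-present"
    elif metadata:
        verdict = "metadata-only-match"
    else:
        verdict = "no-match"
    return {"metadata": metadata, "affected_classes": hits, "verdict": verdict}


def build_sample_jar(with_affected_class=False):
    """Constructed sample shaped like the jar named in the scanner output."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/maven/com.google.guava/guava/pom.xml", "<project/>")
        zf.writestr("graphql/GraphQL.class", b"")
        zf.writestr("graphql/com/google/common/collect/ImmutableList.class", b"")
        if with_affected_class:
            zf.writestr(
                "graphql/com/google/common/io/FileBackedOutputStream$1.class", b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for flag in (False, True):
        print(triage_embedded_dependency(
            build_sample_jar(flag), "com.google.guava", "guava"))
```

A `metadata-only-match` verdict corresponds to the situation described above: the POM is present, the affected class is not.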
Acceptance criteria
- split to: MGNLGQL-148 Implementation updates after graphql v18.6 (Closed)
1. Implement | Completed | Federico Grilli
2. Review | Completed | Milan Divilek
3. piQA | Completed | Milan Divilek
4. QA | Completed | Oanh Thai Hoang