jmeter-dev mailing list archives

From GitBox <>
Subject [GitHub] [jmeter] sseide opened a new pull request #641: update xercesImpl to 2.12.1 (from 2.12.0)
Date Tue, 26 Jan 2021 04:26:52 GMT

sseide opened a new pull request #641:

   ## Description
   Within the current xercesImpl version 2.12.0 a vulnerability was found. It is fixed with the update to 2.12.1.
   * CVE-2020-14338 (Improper Input Validation)
   ## Motivation and Context
   Fix potential security problems
   ## How Has This Been Tested?
   Ran gradlew check; the first run failed with one library (xstream) having changed as expected, reran with the "-PupdateExpectedJars" switch and "-PchecksumUpdate".
   The following executions of gradlew check and gradlew test succeeded now.
   The update of the checksum was needed because the signer of the xercesImpl release has
changed and a new gpg key was used to sign the maven release? (see
   ## Screenshots (if appropriate):
   ## Types of changes
   - Bug fix (non-breaking change which fixes an issue)
   ## Checklist:
   - [x] My code follows the [code style][style-guide] of this project.
   - [x] I have updated the documentation accordingly.

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
