Project

General

Profile

Actions
Copy link

Bug #27006

open

Update jgit to last version against XXE

Added by François ARMAND 8 days ago. Updated 5 days ago.

Status:
Pending release
Priority:
N/A
Assignee:
Clark ANDRIANASOLO
Category:
Security
Target version:
9.0.0~alpha1
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

JGit used in futur Rudder 9.0 has an XXE: https://github.com/Normation/rudder/security/dependabot/179

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4949

We aren't effected since we don't parse external repo or S3 bucket in our use case.

Subtasks 1 (0 open1 closed)

Bug #27011: JGit vulnerability (XXE)ReleasedClark ANDRIANASOLOActions
Actions
Copy link
 #1

Updated by François ARMAND 8 days ago

  • Status changed from New to In progress
Actions
Copy link
 #2

Updated by François ARMAND 8 days ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Clark ANDRIANASOLO
  • Pull Request set to https://github.com/Normation/rudder/pull/6411
Actions
Copy link
 #3

Updated by Anonymous 8 days ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link
 #4

Updated by François ARMAND 8 days ago

  • Subtask #27011 added
Actions
Copy link
 #5

Updated by François ARMAND 8 days ago

  • Description updated (diff)
Actions
Copy link

Also available in: Atom PDF