Bug #27006: Update jgit to last version against XXE - Rudder - Issue Tracker

Actions

Copy link

Bug #27006

closed

Update jgit to last version against XXE

Added by François ARMAND 3 months ago. Updated 23 days ago.

Status:

Released

Priority:

N/A

Assignee:

Clark ANDRIANASOLO

Category:

Security

Target version:

9.0.0~alpha1

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

To do

Fix check:

To do

Regression:

Description

JGit used in futur Rudder 9.0 has an XXE: https://github.com/Normation/rudder/security/dependabot/179

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4949

We aren't effected since we don't parse external repo or S3 bucket in our use case.

Subtasks 1 (0 open — 1 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #27006

Update jgit to last version against XXE

Updated by François ARMAND 3 months ago

Updated by François ARMAND 3 months ago

Updated by Anonymous 3 months ago

Updated by François ARMAND 3 months ago

Updated by François ARMAND 3 months ago

Updated by Alexis Mousset 23 days ago