
Conversation

@TreetopTechie (Owner)

No description provided.

@github-actions

Warning

Endor Labs detected 1 policy violation associated with this pull request.

Please review the findings that caused the policy violations.

📋 Policy: Warn in CI for Reachable Critical/High (1 finding)

📥 Package mvn://org.owasp:benchmark@1.2

⤵️ Dependency: mvn://org.hsqldb:hsqldb@2.5.2
🚩 GHSA-77xx-rxvh-q682: HyperSQL DataBase vulnerable to remote code execution when processing untrusted input

Details

  • Severity: Critical
  • Tags: Direct, Reachable Function, Reachable Dependency, Normal, Fix Available
  • Categories: Security Vulnerability
  • Summary: org.hsqldb:hsqldb@2.5.2 has a critical vulnerability identified by GHSA-77xx-rxvh-q682: HyperSQL DataBase vulnerable to remote code execution when processing untrusted input. A vulnerable function is reachable. This vulnerability was fixed in version 2.7.1.
    org.hsqldb:hsqldb@2.5.2 is a direct dependency of org.owasp:benchmark@1.2.
  • Remediation: Update org.owasp:benchmark@1.2 to use org.hsqldb:hsqldb version 2.7.1 (current: 2.5.2, latest: 2.7.2).

This comment was automatically generated by Endor Labs.
Scanned @ 02-12-2024 18:35:56 UTC

Removed commented instruction for remote environment usage.
@endor-labs-pro (endor-labs-pro bot) commented Nov 4, 2025

Endor Labs Security Review

📝 Summary

  • Enforce security scanning feedback: This change mandates that the Endor Labs security scan must post comments on pull requests by hardcoding the configuration to true in the workflow file .github/workflows/maven.yaml#L54.
  • Update transitive dependency version: This modification downgrades the version of the org.hsqldb:hsqldb dependency from 2.7.1 to 2.5.2 within the project configuration pom.xml#L791-L792.
  • Clean configuration documentation: This change removes an explanatory comment related to the default value and override mechanism for the <runenv> property in the project's build file pom.xml#L1213.

Security Changes

✅ No security changes were identified in this review
Generated by Endor Labs.
Updated @ 11-04-2025 09:50:17 UTC

@endor-labs-pro (endor-labs-pro bot) commented Nov 4, 2025

Warning

Endor Labs detected 1 policy violation associated with this pull request.

Please review the findings that caused the policy violations.

📋 Policy: Warn in CI for Reachable Critical/High (1 finding)

📥 Package mvn://org.owasp:benchmark@1.2

⤵️ Dependency: mvn://org.hsqldb:hsqldb@2.5.2
🚩 GHSA-77xx-rxvh-q682: HyperSQL DataBase vulnerable to remote code execution when processing untrusted input

Details

  • Severity: Critical
  • Tags: Direct, Normal, Reachable Dependency, Reachable Function, Fix Available, Warning
  • Categories: Security Vulnerability, SCA
  • Reachable via: org.owasp.benchmark.testcode.BenchmarkTest01817.doPost()
  • Remediation: Update org.owasp:benchmark@1.2 to use org.hsqldb:hsqldb version 2.7.1 (current: 2.5.2, latest: 2.7.4).

This comment was automatically generated by Endor Labs.
Scanned @ 11-04-2025 09:50:17 UTC
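Both scan comments above end with the same remediation: move org.hsqldb:hsqldb from 2.5.2 to 2.7.1 or later. Because a Maven build can resolve a different version than the one declared in a pom.xml (dependencyManagement or another direct dependency can win), the practical check is the version Maven actually resolves. The script below is an added example, not code from Endor Labs or the OWASP Benchmark project: it takes `mvn dependency:tree` output, extracts the resolved hsqldb version and compares it numerically against the fixed version 2.7.1 named in the finding. The sample tree embedded in SAMPLE_TREE is constructed to mirror the state the bot reports (hsqldb 2.5.2 as a direct dependency of org.owasp:benchmark); on a real checkout replace it with `mvn -q dependency:tree -Dincludes=org.hsqldb:hsqldb`.

```shell
#!/bin/sh
# Added example (not Endor Labs' or OWASP Benchmark's own tooling): flag a resolved
# org.hsqldb:hsqldb version below the fix version named in GHSA-77xx-rxvh-q682.

FIXED_VERSION="2.7.1"   # fixed version stated in the scan finding

# Constructed sample of `mvn dependency:tree` output; replace with the real output
# of: mvn -q dependency:tree -Dincludes=org.hsqldb:hsqldb
SAMPLE_TREE='[INFO] org.owasp:benchmark:war:1.2
[INFO] +- org.hsqldb:hsqldb:jar:2.5.2:compile
[INFO] +- org.apache.directory.server:apacheds-core:jar:2.0.0-M24:compile'

# version_lt A B: succeed (exit 0) when dotted version A is numerically lower than B.
# Components are compared as integers, so 2.7.1 < 2.7.10, unlike a plain string compare.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, "."); nb = split(b, pb, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0
            y = (i <= nb) ? pb[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# resolved_hsqldb_version TREE: print the version Maven resolved for org.hsqldb:hsqldb
# (first match only; the tree shows the winning version after mediation).
resolved_hsqldb_version() {
    printf '%s\n' "$1" \
        | sed -n 's/.*org\.hsqldb:hsqldb:[a-z]*:\([0-9][0-9.]*\):.*/\1/p' \
        | head -n 1
}

# check_hsqldb TREE: print a verdict; exit 1 when the resolved version is below the
# fix, 2 when hsqldb is absent from the tree, 0 when it is at or above the fix.
check_hsqldb() {
    v=$(resolved_hsqldb_version "$1")
    if [ -z "$v" ]; then
        echo "org.hsqldb:hsqldb not present in dependency tree"
        return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE: org.hsqldb:hsqldb $v < $FIXED_VERSION (GHSA-77xx-rxvh-q682)"
        return 1
    fi
    echo "OK: org.hsqldb:hsqldb $v >= $FIXED_VERSION"
    return 0
}

# Run against the constructed sample; a non-zero status is what a CI step would gate on.
check_hsqldb "$SAMPLE_TREE" || echo "exit status $? (non-zero: action needed)"
```

The version comparison deliberately treats 2.7.2 and 2.7.4 (the "latest" versions the two scans mention) as passing, since anything at or above the fix version closes the finding; pinning exactly 2.7.1 is not required.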

Removed comment regarding API breaking change for apacheds-core dependency.