CVE-2022-41949: Merge pull request #66 from netroms/final_sec_merge_2.36.12.1 · dhis2/dhis2-core@dc3166c

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources (like third party servers). This could allow an attacker, for example, to identify vulnerable services which might not be otherwise exposed to the public internet or to determine whether a specific file is present on the DHIS2 server. DHIS2 administrators should upgrade to the following hotfix releases: 2.36.12.1, 2.37.8.1, 2.38.2.1, 2.39.0.1. At this time, there is no known workaround or mitigation for this vulnerability.

@@ -1,53 +1,58 @@

name: Test

on: [ pull_request ]

env:

This is to make sure Maven don’t timeout fetching dependencies. See: https://github.com/actions/virtual-environments/issues/1499

MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=125

on:

push:

branches:

- master

pull_request:

concurrency:

group: ${{ github.workflow}}-${{ github.ref }}

cancel-in-progress: true

jobs:

cleanup-runs:

runs-on: ubuntu-latest

steps:

- uses: rokroskar/workflow-run-cleanup-action@035a48f84b47e111d72cf492a513179c92cd29ed

env:

GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

if: “!startsWith(github.ref, ‘refs/tags/’) && github.ref != 'refs/heads/master’”

unit-test:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v2

- uses: netroms/checkout@main

- name: Set up JDK 11

uses: actions/setup-java@v1

uses: netroms/setup-java@main

with:

java-version: 11

- name: Cache maven artifacts

uses: actions/cache@v2

with:

path: ~/.m2/repository

key: ${{ runner.os }}-maven-${{ hashFiles(‘pom.xml’) }}

restore-keys: ${{ runner.os }}-maven-

- name: Test core

run: mvn clean install -Pdefault -Pjdk11 --update-snapshots -f ./dhis-2/pom.xml

distribution: temurin

cache: maven

- name: Test core # NOTE: dhis-2/pom.xml needs to be installed as built artifacts are needed by dhis-web

run: mvn clean install --threads 2C --batch-mode --no-transfer-progress --update-snapshots -f ./dhis-2/pom.xml

timeout-minutes: 30

- name: Test dhis-web

run: mvn clean install -Pdefault -Pjdk11 --update-snapshots -f ./dhis-2/dhis-web/pom.xml

run: mvn test --threads 2C --batch-mode --no-transfer-progress --update-snapshots -f ./dhis-2/dhis-web/pom.xml

timeout-minutes: 30

integration-test:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v2

- uses: netroms/checkout@main

- name: Set up JDK 11

uses: actions/setup-java@v1

uses: netroms/setup-java@main

with:

java-version: 11

distribution: temurin

cache: maven

- name: Run integration tests

run: mvn clean verify --threads 2C --batch-mode --no-transfer-progress -Pintegration -f ./dhis-2/pom.xml

timeout-minutes: 30

- name: Cache maven artifacts

uses: actions/cache@v2

integration-h2-test:

runs-on: ubuntu-latest

steps:

- uses: netroms/checkout@main

- name: Set up JDK 11

uses: netroms/setup-java@main

with:

path: ~/.m2/repository

key: ${{ runner.os }}-maven-${{ hashFiles(‘pom.xml’) }}

restore-keys: ${{ runner.os }}-maven-

- name: Run integration tests

run: mvn clean install -Pintegration -Pjdk11 -f ./dhis-2/pom.xml

java-version: 11

distribution: temurin

cache: maven

- name: Run integration h2 tests

run: mvn clean verify --threads 2C --batch-mode --no-transfer-progress -PintegrationH2 -f ./dhis-2/pom.xml

timeout-minutes: 30
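
Review bot: The `uses: netroms/checkout@main` and `uses: netroms/setup-java@main` steps in the unit-test, integration-test and integration-h2-test jobs reference actions in the `netroms` namespace (the same account as the merged branch in the title) at a mutable branch, while this same file pins `rokroskar/workflow-run-cleanup-action` to a full commit SHA. Whatever `main` resolves to at run time executes in CI against the checked-out source, so these should be pinned to a commit SHA as well, or replaced by the upstream `actions/checkout` and `actions/setup-java` at a pinned revision, with a comment explaining why a fork is needed if one is. No `permissions:` key is visible in this hunk either; since `GITHUB_TOKEN` is handed to a third-party action in cleanup-runs, declaring the minimum token scopes at workflow or job level would limit what any of these actions can do.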
