Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P5
Fix Version/s: 17
Affects Version/s: 11, 17
Component/s: hotspot
Labels:

Subcomponent:
compiler
Resolved In Build:
b07

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8267325	16u-cpu	Paul Hohensee	P5	Resolved	Fixed	master
JDK-8267195	16.0.2	Paul Hohensee	P5	Resolved	Fixed	b05
JDK-8262932	13.0.7	Ekaterina Vergizova	P5	Resolved	Fixed	b03
JDK-8260595	11.0.12-oracle	Dukebot	P5	Resolved	Fixed	b01
JDK-8260552	11.0.11	Igor Ignatyev	P5	Resolved	Fixed	b01

Open on behalf of Dan Lutker <lutkerd@amazon.com>

LogCompilation uses a maven pom.xml file and it lists junit 4.8.2 as a dependency. That version contains a known vulnerability.

Github advisory:
https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp

Several mirrors and downstream repos of OpenJDK are getting flagged because of this.

backported by

JDK-8260552 Update LogCompilation junit to 4.13.1

Resolved

JDK-8260595 Update LogCompilation junit to 4.13.1

Resolved

JDK-8262932 Update LogCompilation junit to 4.13.1

Resolved

JDK-8267195 Update LogCompilation junit to 4.13.1

Resolved

JDK-8267325 Update LogCompilation junit to 4.13.1

Resolved

links to

Commit openjdk/jdk13u-dev/335890fc

Commit openjdk/jdk16u/860ca3fd

Commit openjdk/jdk/ef247ab2

Review openjdk/jdk13u-dev/135

Review openjdk/jdk16u/116

Review openjdk/jdk/2199

(6 links to)

Assignee:: David Alvarez
Reporter:: David Alvarez
Votes:: 0 Vote for this issue
Watchers:: 5 Start watching this issue

Created:: 2021-01-22 10:23
Updated:: 2025-01-16 09:22
Resolved:: 2021-01-25 09:16

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates