Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: BulkSecurityGeneratorProjectV2/yzcheng90__X-SpringBoot
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: yzcheng90/X-SpringBoot
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
  • 7 commits
  • 3 files changed
  • 3 contributors

Commits on Dec 17, 2023

  1. vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291 

    This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSS: 8.1
Detection: CodeQL & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#8
Detection: CodeQL (https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#8


Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/IfHkrYfxx?organizationId=QWxsIEdpdEh1Yg%3D%3D

Co-authored-by: Moderne <[email protected]>
    @JLLeitschuh @TeamModerne
    JLLeitschuh and TeamModerne committed Dec 17, 2023
    Configuration menu
    Copy the full SHA
    56a183b View commit details
    Browse the repository at this point in the history

Commits on Feb 1, 2024

  1. Update README.md

    @yzcheng90
    yzcheng90 authored Feb 1, 2024
    Configuration menu
    Copy the full SHA
    225166f View commit details
    Browse the repository at this point in the history

Commits on Feb 19, 2024

  1. Merge pull request yzcheng90#34 from BulkSecurityGeneratorProjectV2/f… 

    …ix/JLL/use_https_to_resolve_dependencies_maven

[SECURITY] Use HTTPS to resolve dependencies in Maven Build
    @yzcheng90
    yzcheng90 authored Feb 19, 2024
    Configuration menu
    Copy the full SHA
    1e8fce2 View commit details
    Browse the repository at this point in the history

Commits on Nov 20, 2024

  1. Update README.md

    @yzcheng90
    yzcheng90 authored Nov 20, 2024
    Configuration menu
    Copy the full SHA
    2d4aaa6 View commit details
    Browse the repository at this point in the history

  2. Update README.md

    @yzcheng90
    yzcheng90 authored Nov 20, 2024
    Configuration menu
    Copy the full SHA
    81aa1de View commit details
    Browse the repository at this point in the history

Commits on Dec 3, 2024

  1. add @EnableAsync

    @yzcheng90
    yzcheng90 committed Dec 3, 2024
    Configuration menu
    Copy the full SHA
    4ff50a1 View commit details
    Browse the repository at this point in the history

Commits on Dec 4, 2024

  1. Update README.md

    @yzcheng90
    yzcheng90 authored Dec 4, 2024
    Configuration menu
    Copy the full SHA
    7768755 View commit details
    Browse the repository at this point in the history
Loading