Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add quartz vulnerability to the ignore list #41453

Merged
merged 2 commits into from
Oct 5, 2023
Merged

Add quartz vulnerability to the ignore list #41453

merged 2 commits into from
Oct 5, 2023

Conversation

kalaiyarasiganeshalingam
Copy link
Contributor

@kalaiyarasiganeshalingam kalaiyarasiganeshalingam commented Sep 27, 2023
edited
Loading

Purpose

$Subject

Since the task package is in the language, we can't remove the quartz usage from the repo.
So, this PR ignores this quartz vulnerability.

Related to https://github.com/wso2-enterprise/internal-support-ballerina/issues/454
Fixes #41471

@keizer619
Copy link
Member

Shall we verify this vulnerability affects us ?

@kalaiyarasiganeshalingam kalaiyarasiganeshalingam changed the base branch from ballerina-1.2.x to trivy-1.2.x October 2, 2023 04:26
@kalaiyarasiganeshalingam
Copy link
Contributor Author

kalaiyarasiganeshalingam commented Oct 2, 2023
edited
Loading

Shall we verify this vulnerability affects us ?

Quartz is used to create a schedule and manage jobs in a task module. Users cannot use these Quartz functions or perform any configurations. Also, the task module does not use vulnerable functionality(SendQueueMessageJob.execute).
So, we can ignore CVE which should not affect us.(quartz-scheduler/quartz#943)

@kalaiyarasiganeshalingam kalaiyarasiganeshalingam changed the base branch from trivy-1.2.x to ballerina-1.2.x October 2, 2023 11:20
@kalaiyarasiganeshalingam kalaiyarasiganeshalingam merged commit 1111fe4 into ballerina-platform:ballerina-1.2.x Oct 5, 2023
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keizer619 keizer619 keizer619 approved these changes

@daneshk daneshk daneshk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kalaiyarasiganeshalingam @keizer619 @daneshk