Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hotfix/v2.0.1 security patch: Fixed security Issues #171

Merged
merged 21 commits into from
Jan 3, 2024
Merged

Hotfix/v2.0.1 security patch: Fixed security Issues #171

merged 21 commits into from
Jan 3, 2024

Conversation

matbmoser
Copy link
Contributor

@matbmoser matbmoser commented Jan 3, 2024
edited
Loading

Why we create this PR?

There are a list of several security issues with the applicaition and also some bugs that need to be fixed for the version v2.0.0.

What we want to achieve with this PR?

Create the release v2.0.1 with all the security issues fixed and the bugs fixes detected in the post testing phase.

What is new?

Added

  • Added function to check for duplicated DTRs in the temporaryStorage
  • Added check for skipping the check of all BPNs when the DTRs are not available for security and optimization
  • Added vue-i18n v9.2.2 library that will be used in the release v2.1.0 with the translations
  • Added check to fix bug related to invalid BPN endpoints in cache

Updated

  • Updated header license of modified files to match the new year 2024

Security Issues

  • Updated Axios from version v0.8.1 -> v1.6.0
  • Updated Spring Boot from version v3.1.5 -> v3.2.1
  • Logback from Log4j got updated with the Spring Boot v1.4.11 -> v1.4.14

Issues Fixed

  • Fixed the backend IRS exception handling, for detecting failure when job does not start
  • Fixed misconfiguration of config maps related to the temporaryStorage
  • Fixed incorrect authors names

PR Linked to:

IP Checks performed: #170

@matbmoser matbmoser added bug Something isn't working backend Issue or PR connected to the backend application security labels Jan 3, 2024
@matbmoser matbmoser added this to the v2.0.1 milestone Jan 3, 2024
@matbmoser matbmoser force-pushed the hotfix/v2.0.1-security-patch branch from c120407 to 7c543da Compare January 3, 2024 10:16
@matbmoser matbmoser self-assigned this Jan 3, 2024
@matbmoser matbmoser requested a review from saudkhan116 January 3, 2024 16:24
@saudkhan116
Copy link
Contributor

Most of the files are changed due to the license header update. Everything is ok.

@matbmoser matbmoser merged commit 06c810d into eclipse-tractusx:main Jan 3, 2024
5 of 6 checks passed
@matbmoser matbmoser deleted the hotfix/v2.0.1-security-patch branch January 3, 2024 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saudkhan116 saudkhan116 saudkhan116 approved these changes

Assignees

@matbmoser matbmoser

Labels
backend Issue or PR connected to the backend application bug Something isn't working security
Projects
Digital Product Pass
Archived in project
Milestone
v2.0.1
Development

Successfully merging this pull request may close these issues.
2 participants
@matbmoser @saudkhan116