https://bugzilla.redhat.com/show_bug.cgi?id=1290790
Bug ID: 1290790
Summary: spock-1.0 is available
Product: Fedora
Version: rawhide
Component: spock
Assignee: puntogil(a)libero.it
Reporter: puntogil(a)libero.it
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com, puntogil(a)libero.it
Latest upstream release: 1.0
Current version/release in rawhide: 0.7-0.11.groovy.2.0.fc24
URL: https://github.com/spockframework/spock/tags
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=6Ximnir7mK&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1529803
Bug ID: 1529803
Summary: maven-doxia-sitetools-1.8 is available
Product: Fedora
Version: rawhide
Component: maven-doxia-sitetools
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, dbhole(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com
Latest upstream release: 1.8
Current version/release in rawhide: 1.7.5-1.fc28
URL: http://maven.apache.org/doxia/doxia-sitetools/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1905/
--
https://bugzilla.redhat.com/show_bug.cgi?id=1393454
Bug ID: 1393454
Summary: CVE-2016-1000031 Apache Commons FileUpload: DiskFileItem file manipulation
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: abhgupta(a)redhat.com, aileenc(a)redhat.com,
alazarot(a)redhat.com, alee(a)redhat.com,
aszczucz(a)redhat.com, bdawidow(a)redhat.com,
chazlett(a)redhat.com, csutherl(a)redhat.com,
dmcphers(a)redhat.com, epp-bugs(a)redhat.com,
etirelli(a)redhat.com, felias(a)redhat.com,
gvarsami(a)redhat.com, hchiorea(a)redhat.com,
hfnukal(a)redhat.com, hhorak(a)redhat.com,
ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jerboaa(a)gmail.com,
jialiu(a)redhat.com, jokerman(a)redhat.com,
jolee(a)redhat.com, jorton(a)redhat.com,
jpallich(a)redhat.com, jshepherd(a)redhat.com,
kconner(a)redhat.com, krzysztof.daniel(a)gmail.com,
kseifried(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lmeyer(a)redhat.com,
lpetrovi(a)redhat.com, mbaluch(a)redhat.com,
me(a)coolsvap.net, miburman(a)redhat.com,
mizdebsk(a)redhat.com, mmccomas(a)redhat.com,
mmraka(a)redhat.com, msimacek(a)redhat.com,
mweiler(a)redhat.com, mwinkler(a)redhat.com,
nwallace(a)redhat.com, omajid(a)redhat.com,
pavelp(a)redhat.com, rrajasek(a)redhat.com,
rwagner(a)redhat.com, rzhang(a)redhat.com,
sgehwolf(a)redhat.com,
soa-p-jira(a)post-office.corp.redhat.com,
SpikeFedora(a)gmail.com, spinder(a)redhat.com,
tcunning(a)redhat.com, theute(a)redhat.com,
tiwillia(a)redhat.com, tkirby(a)redhat.com,
trick(a)vanstaveren.us, vhalbert(a)redhat.com
There exists a Java Object in the Apache Commons FileUpload library that can be
manipulated in such a way that when it is deserialized, it can write or copy
files to disk in arbitrary locations. Furthermore, while the Object can be used
alone, this new vector can be integrated with ysoserial to upload and execute
binaries in a single deserialization call. This may or may not work depending
on an application's implementation of the FileUpload library.
External References:
http://www.tenable.com/security/research/tra-2016-12
--
https://bugzilla.redhat.com/show_bug.cgi?id=1528481
Bug ID: 1528481
Summary: maven-doxia-1.8 is available
Product: Fedora
Version: rawhide
Component: maven-doxia
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, dbhole(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mefoster(a)gmail.com, mizdebsk(a)redhat.com,
msimacek(a)redhat.com, sochotni(a)redhat.com
Latest upstream release: 1.8
Current version/release in rawhide: 1.7-5.fc27
URL: http://repo2.maven.org/maven2/org/apache/maven/doxia/doxia
Based on the information from anitya:
https://release-monitoring.org/project/1903/
--
https://bugzilla.redhat.com/show_bug.cgi?id=1564313
Bug ID: 1564313
Summary: maven-dependency-plugin-3.1.0 is available
Product: Fedora
Version: rawhide
Component: maven-dependency-plugin
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
sochotni(a)redhat.com
Latest upstream release: 3.1.0
Current version/release in rawhide: 3.0.2-1.fc28
URL:
http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-dependency-plu…
Based on the information from anitya:
https://release-monitoring.org/project/1902/
--
https://bugzilla.redhat.com/show_bug.cgi?id=1535731
Bug ID: 1535731
Summary: maven-dependency-analyzer-1.8 is available
Product: Fedora
Version: rawhide
Component: maven-dependency-analyzer
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, tradej(a)redhat.com
Latest upstream release: 1.8
Current version/release in rawhide: 1.7-2.fc27
URL:
http://repo1.maven.org/maven2/org/apache/maven/shared/maven-dependency-anal…
Based on the information from anitya:
https://release-monitoring.org/project/1897/
--
https://bugzilla.redhat.com/show_bug.cgi?id=1473676
Bug ID: 1473676
Summary: maven-script-interpreter-1.2 is available
Product: Fedora
Version: rawhide
Component: maven-script-interpreter
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Latest upstream release: 1.2
Current version/release in rawhide: 1.1-9.fc26
URL:
http://central.maven.org/maven2/org/apache/maven/shared/maven-script-interp…
Based on the information from anitya:
https://release-monitoring.org/project/1935/
--
https://bugzilla.redhat.com/show_bug.cgi?id=1571050
Bug ID: 1571050
Summary: CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: sfowler(a)redhat.com
CC: aileenc(a)redhat.com, alazarot(a)redhat.com,
anstephe(a)redhat.com, apevec(a)redhat.com,
bkundal(a)redhat.com, bmaxwell(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
chrisw(a)redhat.com, csutherl(a)redhat.com,
darran.lofthouse(a)redhat.com, dchen(a)redhat.com,
dffrench(a)redhat.com, dimitris(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
drusso(a)redhat.com, etirelli(a)redhat.com,
gvarsami(a)redhat.com, hghasemb(a)redhat.com,
ibek(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jcoleman(a)redhat.com,
jjoyce(a)redhat.com, jmadigan(a)redhat.com,
jolee(a)redhat.com, jschatte(a)redhat.com,
jschluet(a)redhat.com, jshepherd(a)redhat.com,
jstastny(a)redhat.com, kbasil(a)redhat.com,
kconner(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lef(a)fedoraproject.org,
lgao(a)redhat.com, lgriffin(a)redhat.com, lhh(a)redhat.com,
lpeer(a)redhat.com, lpetrovi(a)redhat.com,
markmc(a)redhat.com, mburns(a)redhat.com,
mkolesni(a)redhat.com, myarboro(a)redhat.com,
ngough(a)redhat.com, nwallace(a)redhat.com,
nyechiel(a)redhat.com, paradhya(a)redhat.com,
pavelp(a)redhat.com, pgier(a)redhat.com,
psakar(a)redhat.com, pslavice(a)redhat.com,
pszubiak(a)redhat.com, puntogil(a)libero.it,
pwright(a)redhat.com, rbryant(a)redhat.com,
rhel8-maint(a)redhat.com, rnetuka(a)redhat.com,
rrajasek(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
rzhang(a)redhat.com, sclewis(a)redhat.com,
sdaley(a)redhat.com, sisharma(a)redhat.com,
slinaber(a)redhat.com, smohan(a)redhat.com,
ssaha(a)redhat.com, tcunning(a)redhat.com,
tdecacqu(a)redhat.com, tjay(a)redhat.com,
tkirby(a)redhat.com, trepel(a)redhat.com,
twalsh(a)redhat.com, vbellur(a)redhat.com,
vhalbert(a)redhat.com, vtunka(a)redhat.com
Spring Framework versions 5.0 to 5.0.4, 4.3 to 4.3.14, and older unsupported
versions allow applications to configure Spring MVC to serve static resources
(e.g. CSS, JS, images). When static resources are served from a file system on
Windows (as opposed to the classpath, or the ServletContext), a malicious user
can send a request using a specially crafted URL that can lead to a directory
traversal attack.
This vulnerability does not affect applications that use versions of Spring
Security patched for CVE-2018-1199.
External Reference:
https://pivotal.io/security/cve-2018-1271
--
https://bugzilla.redhat.com/show_bug.cgi?id=1567461
Bug ID: 1567461
Summary: maven-clean-plugin-3.1.0 is available
Product: Fedora
Version: rawhide
Component: maven-clean-plugin
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Latest upstream release: 3.1.0
Current version/release in rawhide: 3.0.0-4.fc27
URL: http://repo1.maven.org/maven2/org/apache/maven/plugins/maven-clean-plugin/
Based on the information from anitya:
https://release-monitoring.org/project/1948/
--