request #37227 Temporarily ignore gopkg.in/go-jose/go-jose.v2 CVE-2024-28180

Artifact

Infos

Artifact ID#37227

Submitted byThomas Gerbet (tgerbet)

Last Modified On2024-03-19 11:16

Submitted on2024-03-19 09:34

Rank38838

Details

Summary *

Temporarily ignore gopkg.in/go-jose/go-jose.v2 CVE-2024-28180

Original Submission

No real impact in the Tuleap use case as we do not rely on JWE and current state of the dependencies tree does not allow a straightforward fix right now.

CategoryOther

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2024-03-19

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #35499	Tuleap	Releases	15.7	Delivered	2024-03-28 10:56	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #37227

Artifact Tracker v5

request #37949 Ignore one more month gopkg.in/go-jose/go-jose.v2 CVE-2024-28180

Git commit

tuleap/tuleap/stable

chore: request #37227 Temporarily ignore gopkg.in/go-jose/go-jose.v2 CVE-2024-28180 0afd720ea6

Thomas Gerbet (tgerbet) , 2024-03-19 09:36

Merge commit 'refs/changes/19/30719/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD c6380057be

Joris MASSON (jmasson) , 2024-03-19 11:14

Show items referenced by request #37227

Referenced by request #37227

Artifact Tracker v5

rel #35499 15.7

Other

gerrit #30719

Follow-ups

Joris MASSON (jmasson)

2024-03-19 11:16

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #35499
Close date set to 2024-03-19

Thomas Gerbet (tgerbet)

2024-03-19 09:36

See gerrit #30719.

Status changed from Under implementation to Under review

Public

Artifact links

Releases

Fixed in

Reverse artifact links

Referencing request #37227

Artifact Tracker v5

Git commit

tuleap/tuleap/stable

Referenced by request #37227

Artifact Tracker v5

Other

Follow-ups