Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: UyCode/tesseract4java
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: develop
Choose a base ref
...
head repository: tesseract4java/tesseract4java
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: develop
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 2 commits
  • 2 files changed
  • 3 contributors

Commits on Dec 17, 2023

  1. vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291

    This fixes a security vulnerability in this project where the `pom.xml`
    files were configuring Maven to resolve dependencies over HTTP instead of
    HTTPS.
    
    Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
    Severity: High
    CVSS: 8.1
    Detection: CodeQL & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)
    
    Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
    Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
    
    Bug-tracker: JLLeitschuh/security-research#8
    Detection: CodeQL (https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)
    
    Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
    Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
    
    Bug-tracker: JLLeitschuh/security-research#8
    
    
    Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/IfHkrYfxx?organizationId=QWxsIEdpdEh1Yg%3D%3D
    
    Co-authored-by: Moderne <team@moderne.io>
    JLLeitschuh and TeamModerne committed Dec 17, 2023
    Configuration menu
    Copy the full SHA
    8bc4bf8 View commit details
    Browse the repository at this point in the history
  2. Merge pull request tesseract4java#70 from BulkSecurityGeneratorProjec…

    …tV2/fix/JLL/use_https_to_resolve_dependencies_maven
    
    [SECURITY] Use HTTPS to resolve dependencies in Maven Build
    pvorb authored Dec 17, 2023
    Configuration menu
    Copy the full SHA
    6349616 View commit details
    Browse the repository at this point in the history
Loading