fabric-chaincode-java GitHub

PR #325 Fix image names in Dockerfile
</td> </tr> </table>
Created At 2023-12-07 16:26:58 +0000 UTC
PR #324 Fix test workflow link in release workflow
</td> </tr> </table>
Created At 2023-12-07 15:37:50 +0000 UTC
PR #323 Prepare for v2.5.1 release
- Update version numbers. - Update GitHub Actions versions. - Update base Java 11 Docker image patch level. - Upgrade Gradle and Maven patch levels in Docker image. - Update dependencies.
Created At 2023-12-06 21:46:49 +0000 UTC
PR #322 Address CVE-2023-6481 by moving to logback v1.3.14.
As per https://nvd.nist.gov/vuln/detail/CVE-2023-6481
Created At 2023-12-06 14:23:57 +0000 UTC
PR #321 Use OSV-Scanner instead of dependency-check
The existing dependency-check version is no longer supported and might fail after the NVD data feeds it uses are deprecated on 2023-12-15. The updated version requires an API key to interact with the newer NVD APIs. For details see: - https://github.com/jeremylong/DependencyCheck#900-upgrade-notice It also requires periodic triage and suppression of false positive detections. OSV-Scanner appears less prone to false positives and does not require an API key to be maintained. Implement a scheduled vulnerability scan (using OSV-Scanner) so that vulnerabilities are more visible than the current (dependency-check) implementation, which runs in PR builds but does not fail builds or make the results very visible.
Created At 2023-12-04 17:25:35 +0000 UTC