Skip to content

XWIKI-23646: Security vulnerability application improvments #4722

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 31, 2025
Merged

XWIKI-23646: Security vulnerability application improvments #4722

merged 3 commits into from
Oct 31, 2025

Conversation

@surli
Copy link
Member

@surli surli commented Oct 30, 2025

Jira URL

https://jira.xwiki.org/browse/XWIKI-23646

Changes

Description

  • Allow computation of CVSS v4
  • Only limit displays of vulnerabilities based on CVE ID and no longer on max severity

Clarifications

Screenshots & Video

Executed Tests

Expected merging strategy

  • Prefers squash: Yes
  • Backport on branches:
    • 16.10.x
    • 17.4.x

@surli surli requested a review from manuelleduc October 30, 2025 15:38
@surli surli self-assigned this Oct 30, 2025
@surli
XWIKI-23646: Security vulnerability application improvments
8ab225f 
  * Allow computation of CVSS v4
  * Only limit displays of vulnerabilities based on CVE ID and no longer
    on max severity
manuelleduc
manuelleduc reviewed Oct 31, 2025
View reviewed changes
@surli @manuelleduc
Update pom.xml
83f7c9c 
Co-authored-by: Manuel Leduc <[email protected]>
@socket-security
Copy link

socket-security bot commented Oct 31, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedmaven/​org.metaeffekt.core/​ae-security@​0.147.064100100100100
Addedmaven/​org.webjars/​jstree@​3.3.16100100100100100

View full report

@surli
XWIKI-23646: Security vulnerability application improvments
c94c320 
  * Support multiple severities and prioritize them
@surli surli merged commit c3b71ba into master Oct 31, 2025
2 checks passed
@surli surli deleted the XWIKI-23646 branch October 31, 2025 16:11
@github-actions
Copy link

github-actions bot commented Oct 31, 2025

💔 All backports failed

Status Branch Result
stable-16.10.x Backport failed because of merge conflicts
stable-17.4.x Backport failed because of merge conflicts

Manual backport

To create the backport manually run:

backport --pr 4722

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details

surli added a commit that referenced this pull request Nov 3, 2025
@surli @manuelleduc
XWIKI-23646: Security vulnerability application improvments (#4722)
00bc660 
  * Allow computation of CVSS v4
  * Only limit displays of vulnerabilities based on CVE ID and no longer
    on max severity
  * Support multiple severities and prioritize them

---------

Co-authored-by: Manuel Leduc <[email protected]>
(cherry picked from commit c3b71ba)
surli added a commit that referenced this pull request Nov 3, 2025
@surli @manuelleduc
XWIKI-23646: Security vulnerability application improvments (#4722)
0265312 
  * Allow computation of CVSS v4
  * Only limit displays of vulnerabilities based on CVE ID and no longer
    on max severity
  * Support multiple severities and prioritize them

---------

Co-authored-by: Manuel Leduc <[email protected]>
(cherry picked from commit c3b71ba)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manuelleduc manuelleduc manuelleduc left review comments

Assignees

@surli surli

Labels

backport stable-16.10.x backport stable-17.4.x

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@surli @manuelleduc