julianladisch

Results 15 issues of julianladisch

Close idle connections that wait in the pool for connectionReleaseDelay milliseconds. Defaults to 0 = keep them forever. The option name is taken from vertx-mysql-postgresql-client: https://github.com/vert-x3/vertx-mysql-postgresql-client/blob/3.9.1/vertx-mysql-postgresql-client-jasync/src/main/java/io/vertx/ext/asyncsql/impl/pool/AsyncConnectionPool.java#L68 Implementation If connectionReleaseDelay is...

Add these methods of Eclipse Vert.x with JUnit 5 (VertxTestContext) to list of assertion methods:

* laxCheckpoint
* succeedingThenComplete

Exclude these methods of Eclipse Vert.x with JUnit 5 (VertxTestContext) from...

The SSL issues in 4.3.0 and 4.3.1 have been fixed in 4.3.2 and are listed on the release notes: https://github.com/vert-x3/wiki/wiki/4.3.2-Release-Notes However, there is no Security Advisory about them. Adding a...

bug

Upgrading org.yaml:snakeyaml from 1.29 to 1.31 in karate-core fixes a Denial of Service (DoS) vulnerability caused by a missing nested depth limitation for collections. https://nvd.nist.gov/vuln/detail/CVE-2022-25857

fixed
codequality

karate-core/pom.xml has this dependency: com.linecorp.armeria:armeria:1.13.4

This includes a vulnerable ([CVE-2020-36518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518)) jackson-databind dependency: https://mvnrepository.com/artifact/com.linecorp.armeria/armeria/1.13.4

Bumping armeria to 1.18.0 or any later fixes this: https://mvnrepository.com/artifact/com.linecorp.armeria/armeria/1.18.0

fixed
codequality

jade4j is now pug4j: https://github.com/neuland/jade4j#readme Therefore we deprecate vertx-web-templ-jade and add vertx-web-templ-pug with jade renamed to pug.

enhancement

ParsedDockerComposeFile is vulnerable to deserialization gadget chain attacks that can lead to remote code execution when the file has untrusted content: https://nvd.nist.gov/vuln/detail/CVE-2022-1471 This should be fixed by using SafeConstructor as...

https://github.com/bcgit/bc-java/wiki/CVE-2023-33201 https://github.com/bcgit/bc-java/wiki/CVE-2023-33202 Obsoletes #1815

Upgrade Spring and Spring Boot to the latest patch version for the given minor version. This upgrades several vulnerable dependencies: json-smart from 2.4.8 to 2.4.10 fixing Denial of Service (DoS):...

https://classification.nlm.nih.gov/outline has these classification schedules: QS-QZ and W and WA-WZ, for 19th Century also QSA-QZZ and WAA-WZZ. The current marc4j implementation incorrectly rejects W, and it incorrectly accepts classification schedules...