
Add Apache Camel Advisories

Open kunalsz opened this issue 9 months ago • 2 comments

In reference to the issue #1515

Changes Made:

  • Apache Camel Advisory Pipeline added
  • Test written

kunalsz Mar 02 '25 21:03

@keshav-space Thanks for the review, I'll make the necessary changes and update you.

kunalsz Apr 17 '25 10:04

@keshav-space I have updated the version parsing logic and it works fine. But I have a doubt on how to incorporate fixed_version in the affected_package.

For example:

  • For the affected version string "2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0" the fixed version string is "3.2.0".
  • Affected string "3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0."; fixed string: "3.14.6, 3.18.4". Here, what should be the fixed version for 3.19.0? Or should I leave it empty?
  • Similarly in "2.22.x, 2.23.x, 2.24.x, 2.25.0 and 2.25.1, 3.0.0 up to 3.3.0", for which the fixed string is "2.25.2, 3.4.0".
  • And lastly, the latest affected strings are like "Apache Camel 4.10.0 before 4.10.3. Apache Camel 4.8.0 before 4.8.6.", for which fixed strings are given in reverse, making it tedious to get the fixed version 4.8.6 and 4.10.3.

Looking forward to your insights!

kunalsz Apr 21 '25 21:04
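
One way to approach the pairing question raised in the comment above, as an added example that is not part of the thread or of the VulnerableCode code base: parse each affected range, then attach the lowest listed fixed version at or above that range's upper bound, leaving `None` where no listed fix applies. That pairing policy and the names `parse_affected` and `pair_fixed` are assumptions made for illustration, and the fixed string in the 4.x sample is constructed.

```python
import re

VERSION = r"\d+\.\d+\.(?:\d+|x)"
# One affected range: "A up to B", "A before B", a single version, or an "N.N.x" line.
RANGE = re.compile(rf"({VERSION})(?:\s+(up to|before)\s+({VERSION}))?")

def key(version, wildcard=0):
    """Sortable tuple; an 'x' component becomes `wildcard`."""
    return tuple(wildcard if part == "x" else int(part) for part in version.split("."))

def parse_affected(text):
    """Return (low, high, high_is_inclusive) for every range in an affected string."""
    ranges = []
    for low, word, high in RANGE.findall(text):
        # A lone version or "N.N.x" line is its own upper bound; "before" excludes it.
        ranges.append((low, high or low, word != "before"))
    return ranges

def pair_fixed(affected_text, fixed_text):
    """Assumed policy: lowest fixed version at or above each range's upper bound."""
    fixed = sorted(re.findall(VERSION, fixed_text), key=key)
    pairs = []
    for low, high, inclusive in parse_affected(affected_text):
        top = key(high, wildcard=float("inf"))  # "2.22.x" covers the whole 2.22 line
        match = next(
            (f for f in fixed if key(f) > top or (not inclusive and key(f) == top)),
            None,  # no listed fix applies to this range, e.g. 3.19.0 below
        )
        pairs.append((low, high, match))
    return pairs

if __name__ == "__main__":
    samples = [
        ("3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.", "3.14.6, 3.18.4"),
        # Fixed string constructed for illustration: the thread only says it is reversed.
        ("Apache Camel 4.10.0 before 4.10.3. Apache Camel 4.8.0 before 4.8.6.", "4.8.6 and 4.10.3"),
    ]
    for affected, fixed in samples:
        for low, high, fix in pair_fixed(affected, fixed):
            print(f"{low} .. {high} -> fixed in {fix}")
```

Because the fixed versions are sorted before matching, the order in which the advisory lists them does not affect the result.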