Merge branch 'release/v1.7.3-2'

cloudogu · Aug 7, 2024 · b6c61fd · b6c61fd
2 parents 2555fdb + 0375101
commit b6c61fd
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v1.7.3-2] - 2024-08-06
+### Changed
+- update OpenJDK to 21.0.4
+- update Alpine base image to 3.20.2-1
+
+### Security
+- fix CVE-2024-41110 (#222)
+
 ## [v1.7.3-1] - 2024-08-05
 
 ### Changed

diff --git a/Dockerfile b/Dockerfile
@@ -16,9 +16,9 @@ RUN set -x \
 
 
 
-FROM registry.cloudogu.com/official/java:21.0.3-4
+FROM registry.cloudogu.com/official/java:21.0.4-1
 LABEL NAME="official/smeagol" \
-      VERSION="1.7.3-1" \
+      VERSION="1.7.3-2" \
       maintainer="[email protected]"
 
 ENV SERVICE_TAGS=webapp \

diff --git a/docs/gui/release_notes_de.md b/docs/gui/release_notes_de.md
@@ -4,6 +4,9 @@ Im Folgenden finden Sie die Release Notes für Smeagol.
 
 Technische Details zu einem Release finden Sie im zugehörigen [Changelog](https://docs.cloudogu.com/de/docs/dogus/smeagol/CHANGELOG/).
 
+## Release 1.7.3-2
+* Behebung von kritischem CVE-2024-41110 in Bibliotheksabhängigkeiten. Diese Schwachstelle konnte jedoch nicht aktiv ausgenutzt werden.
+
 ## Release 1.7.3-1
 
 **Das Release behebt einen ([DoS-Angriffsvektor](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)). Ein Update ist daher empfohlen.**

diff --git a/docs/gui/release_notes_en.md b/docs/gui/release_notes_en.md
@@ -4,6 +4,9 @@ Below you will find the release notes for Smeagol.
 
 Technical details on a release can be found in the corresponding [Changelog](https://docs.cloudogu.com/en/docs/dogus/smeagol/CHANGELOG/).
 
+## Release 1.7.3-2
+* Fix of critical CVE-2024-41110 in library dependencies. This vulnerability could not be actively exploited, though.
+
 ## Release 1.7.3-1
 
 ** The release fixes a ([DoS attack vector](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)). An update is therefore recommended.**

diff --git a/dogu.json b/dogu.json
@@ -1,6 +1,6 @@
 {
   "Name": "official/smeagol",
-  "Version": "1.7.3-1",
+  "Version": "1.7.3-2",
   "DisplayName": "Smeagol",
   "Description": "Store your technical documentation with in your git repositories",
   "Category": "Development Apps",

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "smeagol",
-  "version": "1.7.3-1",
+  "version": "1.7.3-2",
   "private": true,
   "dependencies": {
     "ces-theme": "https://github.com/cloudogu/ces-theme.git#v0.7.2",

diff --git a/pom.xml b/pom.xml
@@ -12,7 +12,7 @@
 
     <groupId>com.cloudogu.wiki</groupId>
     <artifactId>smeagol</artifactId>
-    <version>1.7.3-1</version>
+    <version>1.7.3-2</version>
     <name>smeagol</name>
     <packaging>war</packaging>