Skip to content

fix(plexus-utils2): CVE-2025-67030#2

Merged
Zeno-sole merged 1 commit intomasterfrom
fix/CVE-2025-67030
Apr 30, 2026
Merged

fix(plexus-utils2): CVE-2025-67030#2
Zeno-sole merged 1 commit intomasterfrom
fix/CVE-2025-67030

Conversation

@deepin-ci-robot
Copy link
Copy Markdown
Contributor

@deepin-ci-robot deepin-ci-robot commented Apr 27, 2026

Security Update

CVE-2025-67030

Fix Directory Traversal (Zip Slip) vulnerability in Expand.java.
Use getCanonicalPath() instead of getAbsolutePath() for proper
path validation to prevent directory traversal attacks.

Generated by AI

@deepin-ci-robot @hudeng-go
fix(plexus-utils2): CVE-2025-67030
d78aa36 
Fix Directory Traversal (Zip Slip) vulnerability in Expand.java.
Use getCanonicalPath() instead of getAbsolutePath() for proper
path validation to prevent directory traversal attacks.

Upstream: codehaus-plexus/plexus-utils@36ea352

Generated-By: glm-5.1

Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot
Copy link
Copy Markdown
Contributor Author

deepin-ci-robot commented Apr 27, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign qaqland for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 27, 2026

TAG Bot

TAG: 3.4.2-1deepin1
EXISTED: no
DISTRIBUTION: unstable

@hudeng-go
Copy link
Copy Markdown
Contributor

hudeng-go commented Apr 30, 2026

/integrate

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 30, 2026

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#3913
PrNumber: 3913
PrBranch: auto-integration-25144627384

@deepin-community-ci-bot deepin-community-ci-bot Bot mentioned this pull request Apr 30, 2026
Open
@Zeno-sole Zeno-sole merged commit a0f8c28 into master Apr 30, 2026
6 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chenchongbiao chenchongbiao Awaiting requested review from chenchongbiao

@myml myml Awaiting requested review from myml

Assignees

No one assigned

Labels

cve generated-by-ai

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@deepin-ci-robot @hudeng-go @Zeno-sole