[GHSA-4qqf-hmv6-r6wh] Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J#7412
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates the advisory metadata for GHSA-4qqf-hmv6-r6wh to reflect an additional affected Maven coordinate (legacy dependency name) and refresh the advisory modification timestamp.
Changes:
- Updated the advisory `modified` timestamp.
- Added `wss4j:wss4j` as an additional affected Maven package entry with an affected version range.
| } | ||
| ] | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "last_known_affected_version_range": "< 1.6.5" | ||
| } |
`last_known_affected_version_range: "< 1.6.5"` indicates a concrete boundary where `1.6.5` is not affected; in OSV-style ranges this is typically modeled as a `fixed` event (e.g., `introduced: "0"` + `fixed: "1.6.5"`) rather than relying on `database_specific`. Using `fixed` makes the affected range machine-readable/consistent across tooling; consider moving this constraint into `events` and removing the `database_specific` range note (or keeping `database_specific` only for extra context).
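As an added illustration of the point above (example code written for this page, not part of the PR or of the advisory database): a minimal OSV-style range evaluator that walks `introduced`/`fixed` events, run against the `wss4j:wss4j` entry with and without the `fixed: "1.6.5"` event. The `Maven` ecosystem label, the `ECOSYSTEM` range type and the dotted-numeric version comparison are assumptions; Maven qualifiers such as `-SNAPSHOT` are not handled.

```python
# Constructed OSV-style "affected" entry for the legacy coordinate named in the
# PR (wss4j:wss4j). The boundary 1.6.5 comes from the page; ecosystem and range
# type are assumptions about how the entry would be written.
AFFECTED_WITH_FIXED = {
    "package": {"ecosystem": "Maven", "name": "wss4j:wss4j"},
    "ranges": [{"type": "ECOSYSTEM",
                "events": [{"introduced": "0"}, {"fixed": "1.6.5"}]}],
}

# Same entry, but the boundary lives only in the free-text database_specific
# note (as in the first hunk): there is no fixed event for tooling to act on.
AFFECTED_DB_SPECIFIC_ONLY = {
    "package": {"ecosystem": "Maven", "name": "wss4j:wss4j"},
    "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}]}],
    "database_specific": {"last_known_affected_version_range": "< 1.6.5"},
}


def parse_version(v):
    """Simplified dotted-numeric comparison (assumption: no qualifiers)."""
    return tuple(int(p) for p in v.split("."))


def is_affected(version, affected):
    """Evaluate OSV events in order: an 'introduced' event opens the affected
    window when version >= introduced, a 'fixed' event closes it when
    version >= fixed. Returns True if the version ends up inside a window."""
    v = parse_version(version)
    for rng in affected["ranges"]:
        inside = False
        for ev in rng["events"]:
            if "introduced" in ev:
                inside = v >= parse_version(ev["introduced"])
            elif "fixed" in ev and inside and v >= parse_version(ev["fixed"]):
                inside = False
        if inside:
            return True
    return False
```

With only the `database_specific` note, the evaluator reports every version including `1.6.5` as affected, which is exactly the false positive a machine-readable `fixed` event avoids.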
| } | |
| ] | |
| } | |
| ], | |
| "database_specific": { | |
| "last_known_affected_version_range": "< 1.6.5" | |
| } | |
| }, | |
| { | |
| "fixed": "1.6.5" | |
| } | |
| ] | |
| } | |
| ] |
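Review bot: the `"fixed": "1.6.5"` event and the `"last_known_affected_version_range": "< 1.6.5"` entry under `database_specific` now state the same boundary twice in this hunk; if the `database_specific` note is kept for context, any later change to one must be mirrored in the other, otherwise drop it so tooling has a single source of truth in `events`.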
f773ad2 into kmoens/advisory-improvement-7412
Hi @kmoens! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!
The `wss4j:wss4j` is an older name for the dependency,