{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":1756184,"defaultBranch":"master","name":"joda-time-jsptags","ownerLogin":"JodaOrg","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2011-05-16T16:13:51.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/779257?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1613525623.4894211","currentOid":""},"activityList":{"items":[{"before":"6eb75d1c9002fbcf48277840f5cc68d3b84fadd8","after":"5d82035c0c33b1c583f002493671afb636072a80","ref":"refs/heads/master","pushedAt":"2023-12-21T09:43:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jodastephen","name":"Stephen Colebourne","path":"/jodastephen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/213212?s=80&v=4"},"commit":{"message":"Use HTTPS instead of HTTP to resolve dependencies (#2)\n\nThis fixes a security vulnerability in this project where the `pom.xml`\r\nfiles were configuring Maven to resolve dependencies over HTTP instead of\r\nHTTPS.\r\n\r\nSigned-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>","shortMessageHtmlLink":"Use HTTPS instead of HTTP to resolve dependencies (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"562990179\" data-permission-text=\"Title is private\" data-url=\"https://github.com/JodaOrg/joda-time-jsptags/issues/2\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/JodaOrg/joda-time-jsptags/pull/2/hovercard\" href=\"https://github.com/JodaOrg/joda-time-jsptags/pull/2\">#2</a>)"}},{"before":"ed435f1ce76b8d97d6f0eafaadecdb75424d12c5","after":"6eb75d1c9002fbcf48277840f5cc68d3b84fadd8","ref":"refs/heads/master","pushedAt":"2023-12-21T09:42:27.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jodastephen","name":"Stephen Colebourne","path":"/jodastephen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/213212?s=80&v=4"},"commit":{"message":"vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291 (#3)\n\nThis fixes a security vulnerability in this project where the `pom.xml`\r\nfiles were configuring Maven to resolve dependencies over HTTP instead of\r\nHTTPS.\r\n\r\nWeakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere\r\nSeverity: High\r\nCVSS: 8.1\r\nDetection: CodeQL & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)\r\n\r\nReported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>\r\n\r\n\r\nBug-tracker: https://github.com/JLLeitschuh/security-research/issues/8\r\nDetection: CodeQL (https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)\r\n\r\nReported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>\r\n\r\n\r\nBug-tracker: https://github.com/JLLeitschuh/security-research/issues/8\r\n\r\n\r\nUse this link to re-run the recipe: https://app.moderne.io/recipes/builder/IfHkrYfxx?organizationId=QWxsIEdpdEh1Yg%3D%3D\r\n\r\nCo-authored-by: Moderne <team@moderne.io>","shortMessageHtmlLink":"vuln-fix: Use HTTPS instead of HTTP to resolve deps <a title=\"CVE-2021-26291\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-2f88-5hg8-9x2x/hovercard\" href=\"https://github.com/advisories/GHSA-2f88-5hg8-9x2x\">CVE-2021-26291</a> (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2045642360\" data-permission-text=\"Title is private\" data-url=\"https://github.com/JodaOrg/joda-time-jsptags/issues/3\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/JodaOrg/joda-time-jsptags/pull/3/hovercard\" href=\"https://github.com/JodaOrg/joda-time-jsptags/pull/3\">#3</a>)"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAADz2weTQA","startCursor":null,"endCursor":null}},"title":"Activity · JodaOrg/joda-time-jsptags"}