Skip to content

chore: back-merge master into development#303

Merged
reeshika-h merged 3 commits into
developmentfrom
master
Jun 29, 2026
Merged

chore: back-merge master into development#303
reeshika-h merged 3 commits into
developmentfrom
master

Conversation

@github-actions

@github-actions github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown

Automated back-merge after changes landed on . Review and merge to keep \ in sync.

@reeshika-h
fix(security): bump contentstack-utils to 1.5.1 to address Spring CVEs
567f6b0 
Bumps contentstack-utils-java: 1.3.0 → 1.5.1
Pulls in fixed transitive Spring Framework dependencies resolving:
- CVE-2026-41840 (High) - DoS via Multipart in WebFlux
- CVE-2026-41851 (High) - DoS via Unbounded SpEL Cache
- CVE-2026-41839 (Medium) - Session Fixation in WebFlux
- CVE-2026-41853 (Medium) - HTTP Request Smuggling
- CVE-2026-41854 (Medium) - SSRF
- CVE-2026-41845 (Medium) - XSS via JavaScriptUtils
- CVE-2026-41848 (Medium) - ReDoS via AntPathMatcher
@reeshika-h
fix: update version to 2.7.1 and apply Snyk fixes
60518b1
@reeshika-h
Merge pull request #302 from contentstack/fix/snyk
a0f6bae 
Fix/snyk
@github-actions github-actions Bot requested a review from a team as a code owner June 24, 2026 09:31
@reeshika-h reeshika-h merged commit 87803e5 into development Jun 29, 2026
11 of 12 checks passed
@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown
Author

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 1 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

  • Critical without fixes: 0
  • High without fixes: 0
  • Medium without fixes: 1
  • Low without fixes: 0

✅ BUILD PASSED - All security checks passed

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown
Author

Coverage Summary

  • 📘 Instruction Coverage: 92%
  • 🌿 Branch Coverage: 80%

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@reeshika-h reeshika-h reeshika-h approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@reeshika-h