psiinon commented Dec 22, 2025

Checkmarx One – Scan Summary & Details (scan 9f90fb19-1e99-4349-a0a1-d41b1be0551a)

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity: HIGH
Issue: Improper_Restriction_of_Stored_XXE_Ref
Source File / Package: /subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/ClientApiMain.java: 214
Checkmarx Insight: The loads and parses XML using parse, at line 213 of /subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/AlertsFile.java. This...
Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity: HIGH
Issue: Improper_Restriction_of_Stored_XXE_Ref
Source File / Package: /subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/ClientApiMain.java: 214


thc202 changed the title from "CVE-2021-33813: Removed jdom dependency" to "Remove JDOM dependency" on Dec 22, 2025

thc202 commented Dec 22, 2025

Make sure the build checks pass.

## [Unreleased]
### Removed
- Removed jdom dependency
- Address XXE in JDOM SAXBuilder [CVE-2021-33813](https://github.com/advisories/GHSA-2363-cqg2-863c)
This is irrelevant for usage done by the API client.

### Removed
- Removed jdom dependency
- Address XXE in JDOM SAXBuilder [CVE-2021-33813](https://github.com/advisories/GHSA-2363-cqg2-863c)
- Use w3c dom instead
This is irrelevant for the end user.
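Replacing JDOM's SAXBuilder with w3c DOM removes the vulnerable dependency, but the JAXP parser that takes its place must also be configured to reject DOCTYPEs and external entities, otherwise the XXE exposure simply moves. The following is an added example of such a hardened DocumentBuilderFactory; it is not code from this PR or from zap-clientapi, and the class name and the sample alerts document are assumptions.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/** Added illustration (hypothetical class): a w3c DOM parser that refuses DOCTYPEs,
 *  so no external entity can ever be resolved, regardless of the XML it is given. */
public final class HardenedDomParser {

    private HardenedDomParser() {}

    /** Builds a DocumentBuilder with the JAXP features that disable XXE. */
    public static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Reject any DOCTYPE: this alone blocks external entities and entity-expansion bombs.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces: even if a DOCTYPE were allowed, never load external entities or DTDs.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        // Secure processing additionally enforces the JDK's entity-expansion limits.
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return dbf.newDocumentBuilder();
    }

    /** Parses an XML string; throws SAXException when the document carries a DOCTYPE. */
    public static Document parse(String xml) throws Exception {
        return newHardenedBuilder().parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a plain alerts-style document parses normally.
        Document ok = parse("<alerts><alert><name>Sample Alert</name></alert></alerts>");
        System.out.println("root element: " + ok.getDocumentElement().getTagName());

        // Constructed sample with a DOCTYPE: rejected before any entity is looked at.
        String withDoctype = "<!DOCTYPE a [<!ENTITY e \"x\">]><a>&e;</a>";
        try {
            parse(withDoctype);
        } catch (SAXException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```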


## [Unreleased]
### Removed
- Removed jdom dependency
JDOM

aalsanie closed this Dec 22, 2025