{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":71230327,"defaultBranch":"main","name":"spring-boot-thin-launcher","ownerLogin":"spring-projects-experimental","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2016-10-18T09:13:45.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/45858759?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1694783866.0","currentOid":""},"activityList":{"items":[{"before":"073342e184a347d32763a610c6bc4ceaaf264922","after":"ff468002afebf5a709dfadc6344af5caef0d25ab","ref":"refs/heads/main","pushedAt":"2024-09-02T17:02:23.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Fix some broken tests","shortMessageHtmlLink":"Fix some broken tests"}},{"before":"9ffc00231b74e58d75c4446d54357c42b39f7fbc","after":"073342e184a347d32763a610c6bc4ceaaf264922","ref":"refs/heads/main","pushedAt":"2024-09-02T16:40:37.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Update actions","shortMessageHtmlLink":"Update actions"}},{"before":"f4a49bb1531ce3f8a835d9987181b7a7773f1316","after":"9ffc00231b74e58d75c4446d54357c42b39f7fbc","ref":"refs/heads/main","pushedAt":"2024-09-02T12:45:33.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Update actions","shortMessageHtmlLink":"Update actions"}},{"before":"2f29eb3092978e6e85fd75430251176b1d2093e5","after":"f4a49bb1531ce3f8a835d9987181b7a7773f1316","ref":"refs/heads/main","pushedAt":"2024-09-02T12:44:51.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Update actions","shortMessageHtmlLink":"Update actions"}},{"before":"38fc7b67e9cebcec749406512739252d6f00a4f0","after":"2f29eb3092978e6e85fd75430251176b1d2093e5","ref":"refs/heads/main","pushedAt":"2024-09-02T12:43:10.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Update actions","shortMessageHtmlLink":"Update actions"}},{"before":"f6387b07e10d002eee6a4b7d6e724d357cf34efe","after":"38fc7b67e9cebcec749406512739252d6f00a4f0","ref":"refs/heads/main","pushedAt":"2024-09-02T11:19:22.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Ensured tabs are used instead of spaces for indentation","shortMessageHtmlLink":"Ensured tabs are used instead of spaces for indentation"}},{"before":"42c0848acfa0173aa9fdd36c130c1a86517489a3","after":"f6387b07e10d002eee6a4b7d6e724d357cf34efe","ref":"refs/heads/main","pushedAt":"2024-01-09T09:15:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Use maven.home if it exists","shortMessageHtmlLink":"Use maven.home if it exists"}},{"before":"843a1e4caf5289f522d4f3141732f6f54efb6e26","after":"42c0848acfa0173aa9fdd36c130c1a86517489a3","ref":"refs/heads/main","pushedAt":"2024-01-09T09:12:20.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Improve implementation of settings home","shortMessageHtmlLink":"Improve implementation of settings home"}},{"before":"5618395174e1b222cdbc700c2da2bee23bc816b7","after":"843a1e4caf5289f522d4f3141732f6f54efb6e26","ref":"refs/heads/main","pushedAt":"2024-01-08T14:48:40.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Look in other places for settings.xml\n\nFixes gh-208","shortMessageHtmlLink":"Look in other places for settings.xml"}},{"before":"7590ff61c13fd1a17b1f29be15c01ee4e0d16c6e","after":"5618395174e1b222cdbc700c2da2bee23bc816b7","ref":"refs/heads/main","pushedAt":"2023-12-08T13:03:20.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Switch to publicly available gradle jars","shortMessageHtmlLink":"Switch to publicly available gradle jars"}},{"before":"d3603bab33023c81a70ac18f099c57b9f0b3585a","after":"7590ff61c13fd1a17b1f29be15c01ee4e0d16c6e","ref":"refs/heads/main","pushedAt":"2023-12-08T11:38:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Use base class for exception","shortMessageHtmlLink":"Use base class for exception"}},{"before":"a74a669d55802724068a5e3fc27cfb7f28bd1cea","after":"d3603bab33023c81a70ac18f099c57b9f0b3585a","ref":"refs/heads/main","pushedAt":"2023-12-08T10:12:01.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Alter pipeline to push plugin to Gradle","shortMessageHtmlLink":"Alter pipeline to push plugin to Gradle"}},{"before":"d3603bab33023c81a70ac18f099c57b9f0b3585a","after":"a74a669d55802724068a5e3fc27cfb7f28bd1cea","ref":"refs/heads/main","pushedAt":"2023-12-08T10:05:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Extended ThinJarLauncher from the spring boot JarLauncher to support a hybrid mode where jars can be nested as usual in BOOT-INF/lib","shortMessageHtmlLink":"Extended ThinJarLauncher from the spring boot JarLauncher to support …"}},{"before":"7b6e36fb4c8a0428249bf7e258e4fe2193d022ac","after":"d3603bab33023c81a70ac18f099c57b9f0b3585a","ref":"refs/heads/main","pushedAt":"2023-12-07T17:23:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Alter pipeline to push plugin to Gradle","shortMessageHtmlLink":"Alter pipeline to push plugin to Gradle"}},{"before":"7332f4f5e2f6ca1f0a8ee3d58ccf54fb2a51de74","after":"7b6e36fb4c8a0428249bf7e258e4fe2193d022ac","ref":"refs/heads/main","pushedAt":"2023-09-20T07:27:43.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Revert to snapshots","shortMessageHtmlLink":"Revert to snapshots"}},{"before":"bd62bb985691df557767d7c1a89f9689a1feb6f7","after":"7332f4f5e2f6ca1f0a8ee3d58ccf54fb2a51de74","ref":"refs/heads/main","pushedAt":"2023-09-20T07:11:33.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Revert to snapshots","shortMessageHtmlLink":"Revert to snapshots"}},{"before":"93b07cc6b85dd029e050f869fcc789e7690a9f41","after":"bd62bb985691df557767d7c1a89f9689a1feb6f7","ref":"refs/heads/main","pushedAt":"2023-09-20T07:05:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Revert to snapshots","shortMessageHtmlLink":"Revert to snapshots"}},{"before":"83cab1f544da01d64155edafd91028b2380bd14b","after":"93b07cc6b85dd029e050f869fcc789e7690a9f41","ref":"refs/heads/main","pushedAt":"2023-09-19T14:10:20.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Update to 1.0.31","shortMessageHtmlLink":"Update to 1.0.31"}},{"before":"ab9bdd625f6d09f3598b5b8a95773000f30d30d8","after":"83cab1f544da01d64155edafd91028b2380bd14b","ref":"refs/heads/main","pushedAt":"2023-09-19T12:58:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Update to 1.0.31","shortMessageHtmlLink":"Update to 1.0.31"}},{"before":"eb5aad791358764f493d69ec39a750f7655c80c2","after":"ab9bdd625f6d09f3598b5b8a95773000f30d30d8","ref":"refs/heads/main","pushedAt":"2023-09-19T11:32:20.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"An alternative more orthodox Gradle solution","shortMessageHtmlLink":"An alternative more orthodox Gradle solution"}},{"before":"a76c13ee7ea34f833467cd7527acf6de51d2dc27","after":"eb5aad791358764f493d69ec39a750f7655c80c2","ref":"refs/heads/main","pushedAt":"2023-09-18T10:33:32.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Try and make it work with older versions of Boot","shortMessageHtmlLink":"Try and make it work with older versions of Boot"}},{"before":"fe46eee16571ae2e36a425f40dee32e8256f79da","after":"a76c13ee7ea34f833467cd7527acf6de51d2dc27","ref":"refs/heads/main","pushedAt":"2023-09-18T07:46:35.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Add mustRunAfter to satisfy Gradle 8","shortMessageHtmlLink":"Add mustRunAfter to satisfy Gradle 8"}},{"before":null,"after":"3f9fe754ad4a831957e6776786141c456b788cf2","ref":"refs/heads/dependabot/maven/maven-plugin/org.codehaus.plexus-plexus-archiver-4.8.0","pushedAt":"2023-07-25T17:23:56.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump org.codehaus.plexus:plexus-archiver in /maven-plugin\n\nBumps [org.codehaus.plexus:plexus-archiver](https://github.com/codehaus-plexus/plexus-archiver) from 3.4 to 4.8.0.\n- [Release notes](https://github.com/codehaus-plexus/plexus-archiver/releases)\n- [Changelog](https://github.com/codehaus-plexus/plexus-archiver/blob/master/ReleaseNotes.md)\n- [Commits](https://github.com/codehaus-plexus/plexus-archiver/compare/plexus-archiver-3.4...plexus-archiver-4.8.0)\n\n---\nupdated-dependencies:\n- dependency-name: org.codehaus.plexus:plexus-archiver\n  dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Bump org.codehaus.plexus:plexus-archiver in /maven-plugin"}},{"before":"0cabef1208f4a0f93cecf09c6e653126cf2524d7","after":"fe46eee16571ae2e36a425f40dee32e8256f79da","ref":"refs/heads/main","pushedAt":"2023-07-12T13:28:52.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Exclude Maven metadata from wrapper jar\n\nIt confuses some tools when scanning for application metadata.\nSee gh-199.","shortMessageHtmlLink":"Exclude Maven metadata from wrapper jar"}},{"before":"bceb371197ca4fd182eee0f9983d34843ccfba15","after":"0cabef1208f4a0f93cecf09c6e653126cf2524d7","ref":"refs/heads/main","pushedAt":"2023-06-15T10:39:27.252Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Revert to snapshots","shortMessageHtmlLink":"Revert to snapshots"}},{"before":"9d1e07671fe6c7f1611145cb67dff5a68206f79b","after":"bceb371197ca4fd182eee0f9983d34843ccfba15","ref":"refs/heads/main","pushedAt":"2023-06-15T07:59:38.770Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Update for 1.0.30","shortMessageHtmlLink":"Update for 1.0.30"}},{"before":"5e4db41caeac3147b6dc992de831a91300d15f87","after":"9d1e07671fe6c7f1611145cb67dff5a68206f79b","ref":"refs/heads/main","pushedAt":"2023-06-14T14:22:25.955Z","pushType":"push","commitsCount":2,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Make sure to look in Maven Central","shortMessageHtmlLink":"Make sure to look in Maven Central"}},{"before":"1ba57db02d1a4277ac5d7abce3c52c6db973f4d3","after":"5e4db41caeac3147b6dc992de831a91300d15f87","ref":"refs/heads/main","pushedAt":"2023-06-04T07:59:39.977Z","pushType":"push","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"Timeout needs to be long","shortMessageHtmlLink":"Timeout needs to be long"}},{"before":"3d1091a9eeae87c789695c28017bdea3494882b3","after":"1ba57db02d1a4277ac5d7abce3c52c6db973f4d3","ref":"refs/heads/main","pushedAt":"2023-05-26T14:36:43.663Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"chore(dependency): upgrade spring boot to latest version\n\nThis will upgrade spring-core to 5.3.26","shortMessageHtmlLink":"chore(dependency): upgrade spring boot to latest version"}},{"before":"a3d1d9a82c53ff4f4c05a39ddecf370dd52a6ac4","after":"3d1091a9eeae87c789695c28017bdea3494882b3","ref":"refs/heads/main","pushedAt":"2023-03-18T07:58:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"dsyer","name":"Dave Syer","path":"/dsyer","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/124075?s=80&v=4"},"commit":{"message":"vuln-fix: Partial Path Traversal Vulnerability\n\nThis fixes a partial path traversal vulnerability.\n\nReplaces `dir.getCanonicalPath().startsWith(parent.getCanonicalPath())`, which is vulnerable to partial path traversal attacks, with the more secure `dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath())`.\n\nTo demonstrate this vulnerability, consider `\"/usr/outnot\".startsWith(\"/usr/out\")`.\nThe check is bypassed although `/outnot` is not under the `/out` directory.\nIt's important to understand that the terminating slash may be removed when using various `String` representations of the `File` object.\nFor example, on Linux, `println(new File(\"/var\"))` will print `/var`, but `println(new File(\"/var\", \"/\")` will print `/var/`;\nhowever, `println(new File(\"/var\", \"/\").getCanonicalPath())` will print `/var`.\n\nWeakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nSeverity: Medium\nCVSSS: 6.1\nDetection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.PartialPathTraversalVulnerability)\n\nReported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>\nSigned-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>\n\nBug-tracker: https://github.com/JLLeitschuh/security-research/issues/13\n\nCo-authored-by: Moderne <team@moderne.io>","shortMessageHtmlLink":"vuln-fix: Partial Path Traversal Vulnerability"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEqtDKjwA","startCursor":null,"endCursor":null}},"title":"Activity · spring-projects-experimental/spring-boot-thin-launcher"}