[Snyk] Security upgrade org.apache.commons:commons-text from 1.12.0 to 1.14.0

[dhafley]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• app/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Uncontrolled Recursion SNYK-JAVA-ORGAPACHECOMMONS-10734078	726	org.apache.commons:commons-text: 1.12.0 -> 1.14.0 No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[gnair]

Checkmarx One – Scan Summary & Details – bf3f56fa-3f07-4b65-84ef-bd84d27c5d9e

New Issues (273)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Expression_Language_Injection_OGNL	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 363	Attack Vector
	Expression_Language_Injection_OGNL	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 363	Attack Vector
	Expression_Language_Injection_OGNL	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 363	Attack Vector
	Expression_Language_Injection_OGNL	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 363	Attack Vector
	Stored_XSS	/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPAWeblogManagerImpl.java: 395	details The method doGet embeds untrusted data in generated output with println, at line 114 of /app/src/main/java/org/apache/roller/weblogger/webservices/... ID: A0F%2FSU40i0iRWfL3CtgCiD7Pe7M%3D Attack Vector
	Stored_XSS	/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPAWeblogManagerImpl.java: 395	details The method doGet embeds untrusted data in generated output with println, at line 116 of /app/src/main/java/org/apache/roller/weblogger/webservices/... ID: uhA6NvunrbGTB0lDR1w06hmFXpk%3D Attack Vector
	Absolute_Path_Traversal	/app/src/main/java/org/apache/roller/weblogger/webservices/atomprotocol/MediaCollection.java: 368	details Method putMedia at line 368 of /app/src/main/java/org/apache/roller/weblogger/webservices/atomprotocol/MediaCollection.java gets dynamic data from... ID: b7AIrR%2FqCbMF990CjPIUYDPRsJY%3D Attack Vector
	Absolute_Path_Traversal	/app/src/main/java/org/apache/roller/weblogger/webservices/atomprotocol/MediaCollection.java: 88	details Method postMedia at line 88 of /app/src/main/java/org/apache/roller/weblogger/webservices/atomprotocol/MediaCollection.java gets dynamic data from... ID: %2FdFz9UGz6pmVruaGlcYN3CDsuLM%3D Attack Vector
	Absolute_Path_Traversal	/app/src/main/java/org/apache/roller/weblogger/webservices/atomprotocol/MediaCollection.java: 88	details Method postMedia at line 88 of /app/src/main/java/org/apache/roller/weblogger/webservices/atomprotocol/MediaCollection.java gets dynamic data from... ID: ppPO91DkiMxYwN%2BE8WA0sRV7zpo%3D Attack Vector
	Client_DOM_Code_Injection_from_AJAX	/app/src/main/webapp/WEB-INF/jsps/editor/Comments.jsp: 465	details Method Cxd0f7c99f at line 465 of /app/src/main/webapp/WEB-INF/jsps/editor/Comments.jsp gets user input for the data element. The input flows to ... ID: p05JUtx81dTu8i0JAy60L9y6VW8%3D Attack Vector
	Client_DOM_Code_Injection_from_AJAX	/app/src/main/webapp/WEB-INF/jsps/editor/Comments.jsp: 437	details Method Cx172f326b at line 437 of /app/src/main/webapp/WEB-INF/jsps/editor/Comments.jsp gets user input for the rdata element. The input flows to... ID: slsiXTtXcroamvwMY5EJlEr0brs%3D Attack Vector
	Improper_Restriction_of_Stored_XXE_Ref	/app/src/test/java/org/apache/roller/weblogger/business/BookmarkTest.java: 307	details The importBookmarks loads and parses XML using build, at line 147 of /app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManager... ID: iNFuFB2w2dzFmSPoIeHarHas%2FG8%3D Attack Vector
	Improper_Restriction_of_XXE_Ref	/app/src/test/java/org/apache/roller/weblogger/business/BookmarkTest.java: 326	details The importBookmarks loads and parses XML using build, at line 147 of /app/src/main/java/org/apache/roller/weblogger/business/jpa/JPABookmarkManager... ID: Bq2GL2Ui4EAe8PG8CymVvjn%2BvTU%3D Attack Vector
	Reflected_XSS	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogCommentRequest.java: 130	details The method validate embeds untrusted data in generated output with write, at line 82 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering... ID: gl%2BFlsrXjAmo%2BwAY8oGY3A7xPoc%3D Attack Vector
	Reflected_XSS	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogCommentRequest.java: 118	details The method validate embeds untrusted data in generated output with write, at line 82 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering... ID: qpyNp5BOqBAiYrKgSBa6PcCqZDw%3D Attack Vector
	Reflected_XSS	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogCommentRequest.java: 122	details The method validate embeds untrusted data in generated output with write, at line 82 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering... ID: 1h5exJUcfnf9PLD%2BypuGPYAjfWg%3D Attack Vector
	Reflected_XSS	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogTrackbackRequest.java: 115	details The method validate embeds untrusted data in generated output with write, at line 82 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering... ID: l4roNaS6%2BmjN3LS16ddJmboD0sE%3D Attack Vector
	Reflected_XSS	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogTrackbackRequest.java: 123	details The method validate embeds untrusted data in generated output with write, at line 82 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering... ID: gSe5eFEc%2BRRecv42rzReU8IPbbA%3D Attack Vector
	Reflected_XSS	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/plugins/comments/LdapCommentAuthenticator.java: 72	details The method doGet embeds untrusted data in generated output with println, at line 66 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering/... ID: gloTS%2BzwxzWOPiq7GPI30pV5NPk%3D Attack Vector
	Reflected_XSS	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogTrackbackRequest.java: 119	details The method validate embeds untrusted data in generated output with write, at line 82 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering... ID: zHHVfLMfaRFxsu5pbjjR4pldWfk%3D Attack Vector
	Reflected_XSS	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/plugins/comments/LdapCommentAuthenticator.java: 73	details The method doGet embeds untrusted data in generated output with println, at line 66 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering/... ID: 4m8dbPJIuTU5WBDt2VBDmU17lgM%3D Attack Vector
	Relative_Path_Traversal	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogRequest.java: 73	details Method WeblogRequest at line 73 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogRequest.java gets dynamic data from the ... ID: TYRHBYEvJpVu%2B2i%2BYGNKKCuRUco%3D Attack Vector
	Relative_Path_Traversal	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogRequest.java: 73	details Method WeblogRequest at line 73 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogRequest.java gets dynamic data from the ... ID: 6aw875Q4ItcHY%2Bv0dS1GNTthaoM%3D Attack Vector
	Relative_Path_Traversal	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogRequest.java: 73	details Method WeblogRequest at line 73 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogRequest.java gets dynamic data from the ... ID: gbK5mCHTFoaKod6M41csvkiqyRo%3D Attack Vector
	Relative_Path_Traversal	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogRequest.java: 73	details Method WeblogRequest at line 73 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogRequest.java gets dynamic data from the ... ID: NHuyWTbU3chzDtRToeDJ39jOBjs%3D Attack Vector
	Relative_Path_Traversal	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogRequest.java: 73	details Method WeblogRequest at line 73 of /app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogRequest.java gets dynamic data from the ... ID: SIjN1uzba3i8yHyHYLJZlYg7zGo%3D Attack Vector
	SSRF	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogCommentRequest.java: 126	details The application sends a request to a remote server, for some resource, using openStream in /app/src/main/java/org/apache/roller/weblogger/util/Link... ID: Ap9a%2BUiAApdqhJt2R3PT6ubn4%2B4%3D Attack Vector
	SSRF	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogTrackbackRequest.java: 119	details The application sends a request to a remote server, for some resource, using openStream in /app/src/main/java/org/apache/roller/weblogger/util/Link... ID: pdynMDTSxfLSCbH68Kwq5WFIO44%3D Attack Vector
	CSRF	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Entries.java: 211	details Method getBean at line 211 of /app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/Entries.java gets a parameter from a user request f... ID: itaqO8UIhGrsWYeXEOOY1D39Q5s%3D Attack Vector
	CSRF	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIAction.java: 281	details Method getAuthenticatedUser at line 281 of /app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIAction.java gets a parameter from a us... ID: nJf34m4RJa9FSDKujQR0vbYfSFc%3D Attack Vector
	CSRF	/app/src/main/java/org/apache/roller/weblogger/webservices/atomprotocol/RollerAtomHandler.java: 467	details Method authenticateBASIC at line 467 of /app/src/main/java/org/apache/roller/weblogger/webservices/atomprotocol/RollerAtomHandler.java gets a para... ID: OUdq20%2Fsqpu0geJInOcPcQK3pbI%3D Attack Vector
	CSRF	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 323	details Method getEntry at line 323 of /app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java gets a parameter from a user reques... ID: Wg3y4aMtweBdcO7kDqEydYVdBto%3D Attack Vector

More results are available on the CxOne platform

Fixed Issues (12)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Parameter_Tampering	/app/src/main/java/org/apache/roller/weblogger/planet/ui/PlanetGroupSubs.java: 313
	Privacy_Violation	/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java: 283
	Privacy_Violation	/app/src/main/java/org/apache/roller/weblogger/business/jpa/JPAOAuthManagerImpl.java: 283
	Unchecked_Input_for_Loop_Condition	/app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogSearchRequest.java: 89
	Unchecked_Input_for_Loop_Condition	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 323
	Unchecked_Input_for_Loop_Condition	/app/src/main/java/org/apache/roller/weblogger/webservices/atomprotocol/MediaCollection.java: 92
	Log_Forging	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 150
	Log_Forging	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 153
	Log_Forging	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 171
	Log_Forging	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 173
	Log_Forging	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 177
	Log_Forging	/app/src/main/java/org/apache/roller/weblogger/ui/struts2/editor/EntryEdit.java: 179