@fdevans commented Aug 26, 2025

CVE Fixes Applied

Updated Hibernate: 5.1.13.Final → 5.6.15.Final

✅ Fixes CVE-2020-25638, CVE-2020-10683, CVE-2019-14900, CVE-2018-1000632
✅ Uses modern, non-vulnerable Hibernate version
✅ Minimal Infrastructure Changes

Removed jfrog/Bintray

✅ Removed gradle-bintray-plugin dependency
✅ Removed apply plugin: "com.jfrog.bintray"
✅ Removed entire bintray configuration block
✅ Updated publish scripts to use Maven Central only

Updated Java Code:

✅ Changed from deprecated Oracle10gDialect → Oracle12cDialect
✅ Added proper constructor to initialize custom mappings
✅ No deprecation warnings
✅ Maintains all existing functionality

✅ What Was Preserved (Incremental Approach)

✅ Kept Gradle 4.8.1 (no forced upgrade)
✅ Kept maven plugin syntax (familiar patterns)
✅ Kept uploadArchives for Maven publishing
✅ Kept existing project structure
✅ Kept axion-release versioning
✅ All existing build artifacts still generated

✅ Build Status

✅ Clean compilation with no warnings
✅ All tests pass
✅ Generates: main jar, sources jar, javadoc jar
✅ Ready for Maven Central publishing

@fdevans requested a review from Copilot August 26, 2025 23:09
Copilot AI left a comment

Pull Request Overview

This PR addresses multiple CVEs by upgrading Hibernate from 5.1.13.Final to 5.6.15.Final and removes deprecated Bintray/JFrog dependencies in favor of Maven Central publishing.

  • Updated Hibernate dialect from deprecated Oracle10gDialect to Oracle12cDialect
  • Removed Bintray/JFrog publishing configuration and switched to Maven Central
  • Added proper constructor initialization for custom type mappings

Reviewed Changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/main/java/org/rundeck/hibernate/RundeckOracleDialect.java | Updates Oracle dialect to use Oracle12cDialect and adds constructor for proper initialization |
| scripts/publish-release.sh | Replaces Bintray publishing with Maven Central using Sonatype credentials |


protected void registerCharacterTypeMappings() {
super.registerCharacterTypeMappings();
protected void registerCustomCharacterTypeMappings() {
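
Review bot: registerCustomCharacterTypeMappings() no longer carries the name of the parent hook that the old body called through super, so it is not an override and only runs where it is called explicitly; this hunk shows no caller. Confirm that the constructor added in this PR invokes it after the superclass constructor has run, and consider making it private so a subclass cannot override a method that is called during construction.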
Copilot AI Aug 26, 2025

The method was renamed from registerCharacterTypeMappings() to registerCustomCharacterTypeMappings() but the super.registerCharacterTypeMappings() call was removed. This could break inheritance behavior if the parent class's character type mappings are needed. Consider calling super.registerCharacterTypeMappings() before the custom registration.

Suggested change
protected void registerCustomCharacterTypeMappings() {
protected void registerCustomCharacterTypeMappings() {
super.registerCharacterTypeMappings();

@fdevans changed the title from "RUN-3632: Minimal Changes and Build succeeds to solve CVEs" to "RUN-3632: Hibernate CVEs and related Updates" Aug 26, 2025