Skip to content

add necessary jars for releasing and name tag for projects#8487

Merged
ZheSun88 merged 2 commits into23.4from
fix-23.4-release
Feb 5, 2026
Merged

add necessary jars for releasing and name tag for projects#8487
ZheSun88 merged 2 commits into23.4from
fix-23.4-release

Conversation

@ZheSun88
Copy link
Contributor

@ZheSun88 ZheSun88 commented Feb 5, 2026

No description provided.

@ZheSun88 ZheSun88 merged commit 5ba184a into 23.4 Feb 5, 2026
1 of 4 checks passed
@ZheSun88 ZheSun88 deleted the fix-23.4-release branch February 5, 2026 07:30
@github-actions
Copy link

github-actions bot commented Feb 5, 2026

Dependencies Report

  • 🟠 Known Vulnerabilities:

  • 🚫 Vulnerabilities:

    • Vulnerabilities in: pkg:maven/com.vaadin/vaadin@23.4-SNAPSHOT [CVE-2025-15022, GHSA-c7v7-rqfm-f44j] (osv-bomber,osv-scan)
      ·
      • Vulnerabilities in: pkg:maven/org.apache.commons/commons-lang3@3.12.0 [CVE-2025-48924] (osv-bomber,osv-scan,owasp)
        · cpe:2.3:a:apache:commons_lang::::::::
      • Vulnerabilities in: pkg:maven/com.vaadin/vaadin-upload-flow@23.4.1 [GHSA-94g8-xv23-7656] (osv-bomber)
        ·
      • Vulnerabilities in: pkg:maven/com.vaadin/vaadin-spreadsheet-flow@23.4.1 [CVE-2025-15022] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/commons-fileupload/commons-fileupload@1.5 [CVE-2025-48976] (osv-bomber,osv-scan,owasp)
        · cpe:2.3:a:apache:commons_fileupload::::::::
        · cpe:2.3:a:apache:commons_fileupload:2.0.0:m1::::::
        · cpe:2.3:a:apache:commons_fileupload:2.0.0:m1-rc1::::::
        · cpe:2.3:a:apache:commons_fileupload:2.0.0:m2::::::
        · cpe:2.3:a:apache:commons_fileupload:2.0.0:m2-rc1::::::
        · cpe:2.3:a:apache:commons_fileupload:2.0.0:m3::::::
        · cpe:2.3:a:apache:commons_fileupload:2.0.0:m3-rc1::::::
      • Vulnerabilities in: pkg:maven/com.fasterxml.jackson.core/jackson-core@2.14.2 [CVE-2025-52999] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.3 [CVE-2025-53864] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.apache.poi/poi-ooxml@5.2.3 [CVE-2025-31672] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.springframework/spring-websocket@5.3.32 [CVE-2025-41254] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.83 [CVE-2024-56337, CVE-2025-31650, CVE-2025-49124, CVE-2024-50379, CVE-2024-24549, CVE-2025-24813, CVE-2025-31651, CVE-2025-48989, CVE-2025-46701, CVE-2025-48988, CVE-2025-61795, CVE-2025-55754, CVE-2025-49125, CVE-2024-34750, CVE-2025-55752, BIT-tomcat-2024-56337, BIT-tomcat-2025-31650, BIT-tomcat-2025-49124, BIT-tomcat-2024-50379, BIT-tomcat-2024-24549, BIT-tomcat-2025-24813, BIT-tomcat-2025-31651, BIT-tomcat-2025-48989, BIT-tomcat-2025-46701, BIT-tomcat-2025-48988, BIT-tomcat-2025-61795, BIT-tomcat-2025-55754, BIT-tomcat-2025-49125, BIT-tomcat-2024-34750, BIT-tomcat-2025-55752, CVE-2024-52316, CVE-2024-38286, CVE-2025-52434, CVE-2025-52520, CVE-2025-53506, CVE-2025-55668, CVE-2024-23672, CVE-2024-54677] (osv-bomber,osv-scan,owasp)
        · cpe:2.3:a:apache:tomcat::::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone10::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone11::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone12::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone13::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone14::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone15::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone16::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone17::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone18::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone19::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone2::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone20::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone21::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone22::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone23::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone24::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone25::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone3::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone4::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone5::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone6::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone7::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone8::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone9::::::
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone1::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone1::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone10::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone11::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone12::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone13::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone14::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone15::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone16::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone17::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone18::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone19::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone2::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone20::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone3::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone4::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone5::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone6::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone7::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone8::::::
        · cpe:2.3:a:apache:tomcat:10.1.0:milestone9::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone14::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone15::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone16::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone18::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone19::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone20::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone21::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone22::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone23::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone24::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone25::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone26::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone27::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
        · cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::
        · cpe:2.3:a:netapp:ontap_tools:9:::::vmware_vsphere::
        · cpe:2.3:a:apache:tomcat:9.0.0:-::::::
        ·
        · cpe:2.3:a:apache:tomcat:11.0.0:milestone26::::::
        · cpe:2.3:a:netapp:ontap_tools:10:::::vmware_vsphere::
      • Vulnerabilities in: pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.83 [CVE-2024-23672, BIT-tomcat-2024-23672] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.springframework/spring-web@5.3.32 [CVE-2024-38809, CVE-2024-22262, CVE-2024-38820, CVE-2016-1000027, CVE-2024-22259, CVE-2024-38808] (osv-bomber,osv-scan,owasp)
        ·
        · cpe:2.3:a:vmware:spring_framework::::::::
        · cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
        · cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
        · cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
        · cpe:2.3:a:netapp:oncommand_insight:-:::::::*
      • Vulnerabilities in: pkg:maven/org.springframework/spring-core@5.3.32 [CVE-2025-41249, CVE-2024-22259, CVE-2024-38820, CVE-2024-38808] (osv-bomber,osv-scan,owasp)
        ·
        · cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
        · cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
        · cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
        · cpe:2.3:a:vmware:spring_framework::::::::
        · cpe:2.3:a:netapp:oncommand_insight:-:::::::*
      • Vulnerabilities in: pkg:maven/org.springframework/spring-webmvc@5.3.32 [CVE-2024-38816, CVE-2024-38819, CVE-2025-41242, CVE-2024-38828] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.springframework/spring-context@5.3.32 [CVE-2024-38820, CVE-2025-22233] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.springframework/spring-expression@5.3.32 [CVE-2024-38808] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/ch.qos.logback/logback-core@1.2.13 [CVE-2025-11226, CVE-2024-12801, CVE-2024-12798, CVE-2026-1225] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.springframework.boot/spring-boot@2.7.18 [CVE-2025-22235] (osv-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:npm/vite@3.2.10#packages/vite [CVE-2025-32395, CVE-2025-31125, CVE-2024-45812, CVE-2025-46565, CVE-2025-62522, CVE-2024-45811, CVE-2025-58751, CVE-2025-58752, CVE-2025-24010, CVE-2025-30208, CVE-2025-31486] (osv-bomber)
        ·
      • Vulnerabilities in: pkg:npm/path-to-regexp@2.4.0 [CVE-2024-45296] (osv-bomber,oss-bomber,osv-scan)
        ·
      • Vulnerabilities in: pkg:npm/esbuild@0.15.18 [GHSA-67mh-4wv8-2f99] (osv-bomber)
        ·
      • Vulnerabilities in: pkg:npm/async@3.2.2 [CVE-2024-39249] (oss-bomber)
        ·
      • Vulnerabilities in: pkg:npm/libxmljs2@0.37.0 [CVE-2024-34393, CVE-2024-34394] (oss-bomber)
        ·
      • Vulnerabilities in: pkg:maven/com.vaadin/vaadin-server@23.4.1 [CVE-2025-15022] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/com.vaadin/vaadin@23.4.1 [CVE-2025-15022] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/com.vaadin/vaadin-server@23.4-SNAPSHOT [CVE-2025-15022] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/com.vaadin/vaadin-spreadsheet-flow@23.4-SNAPSHOT [CVE-2025-15022] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.apache.commons/commons-fileupload2-core@1.5 [CVE-2025-48976] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/commons-lang/commons-lang@3.12.0 [CVE-2025-48924] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.83 [BIT-tomcat-2024-56337, CVE-2024-56337, BIT-tomcat-2025-49124, CVE-2025-49124, BIT-tomcat-2024-50379, CVE-2024-50379, BIT-tomcat-2025-24813, CVE-2025-24813, BIT-tomcat-2025-31651, CVE-2025-31651, BIT-tomcat-2025-46701, CVE-2025-46701, BIT-tomcat-2025-48988, CVE-2025-48988, BIT-tomcat-2025-61795, CVE-2025-61795, BIT-tomcat-2025-55754, CVE-2025-55754, BIT-tomcat-2025-49125, CVE-2025-49125, BIT-tomcat-2025-55752, CVE-2025-55752] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.apache.tomcat/tomcat-embed-core@9.0.83 [BIT-tomcat-2024-56337, CVE-2024-56337] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.83 [BIT-tomcat-2025-31650, CVE-2025-31650, BIT-tomcat-2024-24549, CVE-2024-24549, BIT-tomcat-2025-48989, CVE-2025-48989, BIT-tomcat-2024-34750, CVE-2024-34750] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.apache.tomcat/tomcat@9.0.83 [BIT-tomcat-2025-49124, CVE-2025-49124, BIT-tomcat-2025-61795, CVE-2025-61795, BIT-tomcat-2025-55754, CVE-2025-55754, BIT-tomcat-2025-55752, CVE-2025-55752] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.apache.tomcat/tomcat-websocket@9.0.83 [BIT-tomcat-2024-23672, CVE-2024-23672] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.springframework/spring-webflux@5.3.32 [CVE-2024-38816, CVE-2024-38819] (osv-scan)
        ·
      • Vulnerabilities in: pkg:npm/vite@3.2.10 [CVE-2025-32395, CVE-2025-31125, CVE-2024-45812, CVE-2025-46565, CVE-2025-62522, CVE-2024-45811, CVE-2025-58751, CVE-2025-58752, CVE-2025-24010, CVE-2025-30208, CVE-2025-31486] (osv-scan)
        ·
      • Vulnerabilities in: pkg:maven/org.apache.logging.log4j/log4j-api@2.18.0 [CVE-2025-68161] (owasp)
        · cpe:2.3:a:apache:log4j::::::::
        · cpe:2.3:a:apache:log4j:2.0:-::::::
        · cpe:2.3:a:apache:log4j:2.0:beta9::::::
        · cpe:2.3:a:apache:log4j:2.0:rc1::::::
        · cpe:2.3:a:apache:log4j:2.0:rc1-rc1::::::
        · cpe:2.3:a:apache:log4j:2.0:rc2::::::
      • Vulnerabilities in: pkg:maven/org.apache.poi/poi@5.2.3 [CVE-2025-31672] (owasp)
        · cpe:2.3:a:apache:poi::::::::
        · cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
        · cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
        · cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::

  • 🟠 Changes in 23.4-SNAPSHOT since V23.4.1

    • 12 packages removed (12 external, 0 vaadin)
    • 9 packages added (9 external, 0 vaadin)
    • 192 packages modified (173 external, 19 vaadin)
    • 603 packages same (446 external, 157 vaadin)

[Click for more Details]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ZheSun88