Fix vulnerability location org.jose4j.lang.HashUtil #8610

jandro996 · 2025-03-24T08:22:17Z

What Does This Do

Exclude org.jose4j.lang.HashUtil in iAST

Motivation

Additional Notes

Contributor Checklist

Format the title according the contribution guidelines
Assign the type: and (comp: or inst:) labels in addition to any usefull labels
Don't use close, fix or any linking keywords when referencing an issue.
Use solves instead, and assign the PR milestone to the issue
Update the public documentation in case of new configuration flag or behavior

Jira ticket: APPSEC-57044

smola

Edited title, since this is not really a false positive.

pr-commenter · 2025-03-24T10:44:55Z

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/APPSEC-57044-3
git_commit_date	1742825749	1742890741
git_commit_sha	`51813bd`	`75dd719`
release_version	1.48.0-SNAPSHOT~51813bdfcb	1.48.0-SNAPSHOT~75dd719733

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1742893635	1742893635
ci_job_id	862830767	862830767
ci_pipeline_id	59860040	59860040
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-jzzy7jrd-project-304-concurrent-0-mgy00x3f 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-jzzy7jrd-project-304-concurrent-0-mgy00x3f 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 66 metrics, 5 unstable metrics.

Startup time reports for petclinic

gantt title petclinic - global startup overhead: candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb dateFormat X axisFormat %s section tracing Agent [baseline] (1.06 s) : 0, 1059736 Total [baseline] (10.481 s) : 0, 10481156 Agent [candidate] (1.052 s) : 0, 1051503 Total [candidate] (10.497 s) : 0, 10496923 section appsec Agent [baseline] (1.194 s) : 0, 1194373 Total [baseline] (10.721 s) : 0, 10721142 Agent [candidate] (1.198 s) : 0, 1198238 Total [candidate] (10.801 s) : 0, 10800926 section iast Agent [baseline] (1.18 s) : 0, 1179602 Total [baseline] (11.025 s) : 0, 11024884 Agent [candidate] (1.181 s) : 0, 1181473 Total [candidate] (11.043 s) : 0, 11043082 section profiling Agent [baseline] (1.281 s) : 0, 1281175 Total [baseline] (10.858 s) : 0, 10857626 Agent [candidate] (1.274 s) : 0, 1273975 Total [candidate] (10.895 s) : 0, 10894605

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.06 s	-
Agent	appsec	1.194 s	134.638 ms (12.7%)
Agent	iast	1.18 s	119.866 ms (11.3%)
Agent	profiling	1.281 s	221.44 ms (20.9%)
Total	tracing	10.481 s	-
Total	appsec	10.721 s	239.986 ms (2.3%)
Total	iast	11.025 s	543.728 ms (5.2%)
Total	profiling	10.858 s	376.47 ms (3.6%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.052 s	-
Agent	appsec	1.198 s	146.735 ms (14.0%)
Agent	iast	1.181 s	129.97 ms (12.4%)
Agent	profiling	1.274 s	222.472 ms (21.2%)
Total	tracing	10.497 s	-
Total	appsec	10.801 s	304.003 ms (2.9%)
Total	iast	11.043 s	546.159 ms (5.2%)
Total	profiling	10.895 s	397.683 ms (3.8%)

gantt title petclinic - break down per module: candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb dateFormat X axisFormat %s section tracing BytebuddyAgent [baseline] (726.014 ms) : 0, 726014 BytebuddyAgent [candidate] (720.555 ms) : 0, 720555 GlobalTracer [baseline] (241.965 ms) : 0, 241965 GlobalTracer [candidate] (240.523 ms) : 0, 240523 AppSec [baseline] (55.404 ms) : 0, 55404 AppSec [candidate] (54.891 ms) : 0, 54891 Debugger [baseline] (5.182 ms) : 0, 5182 Debugger [candidate] (5.202 ms) : 0, 5202 Remote Config [baseline] (718.973 µs) : 0, 719 Remote Config [candidate] (707.64 µs) : 0, 708 Telemetry [baseline] (14.263 ms) : 0, 14263 Telemetry [candidate] (13.577 ms) : 0, 13577 section appsec BytebuddyAgent [baseline] (740.222 ms) : 0, 740222 BytebuddyAgent [candidate] (742.957 ms) : 0, 742957 GlobalTracer [baseline] (237.341 ms) : 0, 237341 GlobalTracer [candidate] (238.174 ms) : 0, 238174 AppSec [baseline] (176.116 ms) : 0, 176116 AppSec [candidate] (176.722 ms) : 0, 176722 Debugger [baseline] (4.32 ms) : 0, 4320 Debugger [candidate] (4.333 ms) : 0, 4333 Remote Config [baseline] (652.882 µs) : 0, 653 Remote Config [candidate] (654.152 µs) : 0, 654 Telemetry [baseline] (8.911 ms) : 0, 8911 Telemetry [candidate] (8.625 ms) : 0, 8625 IAST [baseline] (21.416 ms) : 0, 21416 IAST [candidate] (21.344 ms) : 0, 21344 section iast BytebuddyAgent [baseline] (840.353 ms) : 0, 840353 BytebuddyAgent [candidate] (841.485 ms) : 0, 841485 GlobalTracer [baseline] (231.084 ms) : 0, 231084 GlobalTracer [candidate] (231.447 ms) : 0, 231447 AppSec [baseline] (55.877 ms) : 0, 55877 AppSec [candidate] (56.182 ms) : 0, 56182 Debugger [baseline] (4.177 ms) : 0, 4177 Debugger [candidate] (4.145 ms) : 0, 4145 Remote Config [baseline] (601.123 µs) : 0, 601 Remote Config [candidate] (589.504 µs) : 0, 590 Telemetry [baseline] (8.759 ms) : 0, 8759 Telemetry [candidate] (8.757 ms) : 0, 8757 IAST [baseline] (22.812 ms) : 0, 22812 IAST [candidate] (22.901 ms) : 0, 22901 section profiling ProfilingAgent [baseline] (102.486 ms) : 0, 102486 ProfilingAgent [candidate] (102.383 ms) : 0, 102383 BytebuddyAgent [baseline] (716.046 ms) : 0, 716046 BytebuddyAgent [candidate] (711.31 ms) : 0, 711310 GlobalTracer [baseline] (352.186 ms) : 0, 352186 GlobalTracer [candidate] (351.25 ms) : 0, 351250 AppSec [baseline] (54.51 ms) : 0, 54510 AppSec [candidate] (53.504 ms) : 0, 53504 Debugger [baseline] (4.263 ms) : 0, 4263 Debugger [candidate] (4.262 ms) : 0, 4262 Remote Config [baseline] (701.167 µs) : 0, 701 Remote Config [candidate] (714.265 µs) : 0, 714 Telemetry [baseline] (8.899 ms) : 0, 8899 Telemetry [candidate] (8.933 ms) : 0, 8933 Profiling [baseline] (102.65 ms) : 0, 102650 Profiling [candidate] (102.409 ms) : 0, 102409

Startup time reports for insecure-bank

gantt title insecure-bank - global startup overhead: candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb dateFormat X axisFormat %s section tracing Agent [baseline] (1.053 s) : 0, 1052914 Total [baseline] (8.716 s) : 0, 8715777 Agent [candidate] (1.058 s) : 0, 1058477 Total [candidate] (8.728 s) : 0, 8727993 section iast Agent [baseline] (1.178 s) : 0, 1178077 Total [baseline] (9.224 s) : 0, 9223600 Agent [candidate] (1.181 s) : 0, 1180955 Total [candidate] (9.24 s) : 0, 9240379 section iast_HARDCODED_SECRET_DISABLED Agent [baseline] (1.181 s) : 0, 1180561 Total [baseline] (9.252 s) : 0, 9252194 Agent [candidate] (1.182 s) : 0, 1182261 Total [candidate] (9.233 s) : 0, 9233074 section iast_TELEMETRY_OFF Agent [baseline] (1.174 s) : 0, 1173834 Total [baseline] (9.222 s) : 0, 9222105 Agent [candidate] (1.174 s) : 0, 1174221 Total [candidate] (9.225 s) : 0, 9224634

baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.053 s	-
Agent	iast	1.178 s	125.164 ms (11.9%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.181 s	127.647 ms (12.1%)
Agent	iast_TELEMETRY_OFF	1.174 s	120.92 ms (11.5%)
Total	tracing	8.716 s	-
Total	iast	9.224 s	507.822 ms (5.8%)
Total	iast_HARDCODED_SECRET_DISABLED	9.252 s	536.417 ms (6.2%)
Total	iast_TELEMETRY_OFF	9.222 s	506.327 ms (5.8%)

candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.058 s	-
Agent	iast	1.181 s	122.478 ms (11.6%)
Agent	iast_HARDCODED_SECRET_DISABLED	1.182 s	123.784 ms (11.7%)
Agent	iast_TELEMETRY_OFF	1.174 s	115.744 ms (10.9%)
Total	tracing	8.728 s	-
Total	iast	9.24 s	512.387 ms (5.9%)
Total	iast_HARDCODED_SECRET_DISABLED	9.233 s	505.081 ms (5.8%)
Total	iast_TELEMETRY_OFF	9.225 s	496.641 ms (5.7%)

gantt title insecure-bank - break down per module: candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb dateFormat X axisFormat %s section tracing BytebuddyAgent [baseline] (721.153 ms) : 0, 721153 BytebuddyAgent [candidate] (724.813 ms) : 0, 724813 GlobalTracer [baseline] (240.459 ms) : 0, 240459 GlobalTracer [candidate] (241.948 ms) : 0, 241948 AppSec [baseline] (54.862 ms) : 0, 54862 AppSec [candidate] (54.642 ms) : 0, 54642 Debugger [baseline] (4.429 ms) : 0, 4429 Debugger [candidate] (4.45 ms) : 0, 4450 Remote Config [baseline] (781.507 µs) : 0, 782 Remote Config [candidate] (718.49 µs) : 0, 718 Telemetry [baseline] (15.173 ms) : 0, 15173 Telemetry [candidate] (15.799 ms) : 0, 15799 section iast BytebuddyAgent [baseline] (839.596 ms) : 0, 839596 BytebuddyAgent [candidate] (841.037 ms) : 0, 841037 GlobalTracer [baseline] (230.426 ms) : 0, 230426 GlobalTracer [candidate] (231.192 ms) : 0, 231192 IAST [baseline] (22.733 ms) : 0, 22733 IAST [candidate] (22.976 ms) : 0, 22976 AppSec [baseline] (55.852 ms) : 0, 55852 AppSec [candidate] (56.181 ms) : 0, 56181 Debugger [baseline] (4.13 ms) : 0, 4130 Debugger [candidate] (4.2 ms) : 0, 4200 Remote Config [baseline] (598.837 µs) : 0, 599 Remote Config [candidate] (605.829 µs) : 0, 606 Telemetry [baseline] (8.735 ms) : 0, 8735 Telemetry [candidate] (8.727 ms) : 0, 8727 section iast_HARDCODED_SECRET_DISABLED BytebuddyAgent [baseline] (840.533 ms) : 0, 840533 BytebuddyAgent [candidate] (841.476 ms) : 0, 841476 GlobalTracer [baseline] (230.592 ms) : 0, 230592 GlobalTracer [candidate] (231.686 ms) : 0, 231686 IAST [baseline] (23.154 ms) : 0, 23154 IAST [candidate] (23.092 ms) : 0, 23092 AppSec [baseline] (56.562 ms) : 0, 56562 AppSec [candidate] (56.377 ms) : 0, 56377 Debugger [baseline] (4.19 ms) : 0, 4190 Debugger [candidate] (4.182 ms) : 0, 4182 Remote Config [baseline] (610.034 µs) : 0, 610 Remote Config [candidate] (609.734 µs) : 0, 610 Telemetry [baseline] (8.832 ms) : 0, 8832 Telemetry [candidate] (8.817 ms) : 0, 8817 section iast_TELEMETRY_OFF BytebuddyAgent [baseline] (835.544 ms) : 0, 835544 BytebuddyAgent [candidate] (835.98 ms) : 0, 835980 GlobalTracer [baseline] (230.079 ms) : 0, 230079 GlobalTracer [candidate] (230.336 ms) : 0, 230336 IAST [baseline] (22.37 ms) : 0, 22370 IAST [candidate] (22.536 ms) : 0, 22536 AppSec [baseline] (56.347 ms) : 0, 56347 AppSec [candidate] (55.918 ms) : 0, 55918 Debugger [baseline] (4.167 ms) : 0, 4167 Debugger [candidate] (4.166 ms) : 0, 4166 Remote Config [baseline] (605.875 µs) : 0, 606 Remote Config [candidate] (608.339 µs) : 0, 608 Telemetry [baseline] (8.706 ms) : 0, 8706 Telemetry [candidate] (8.599 ms) : 0, 8599

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
end_time	2025-03-25T08:39:30	2025-03-25T08:47:13
git_branch	master	alejandro.gonzalez/APPSEC-57044-3
git_commit_date	1742825749	1742890741
git_commit_sha	`51813bd`	`75dd719`
release_version	1.48.0-SNAPSHOT~51813bdfcb	1.48.0-SNAPSHOT~75dd719733
start_time	2025-03-25T08:39:16	2025-03-25T08:46:59

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1742892830	1742892830
ci_job_id	862830768	862830768
ci_pipeline_id	59860040	59860040
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-5gca-jya-project-304-concurrent-0-d9w5xtrn 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-5gca-jya-project-304-concurrent-0-d9w5xtrn 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	iast	iast

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 14 metrics, 16 unstable metrics.

Request duration reports for petclinic

gantt title petclinic - request duration [CI 0.99] : candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb dateFormat X axisFormat %s section baseline no_agent (1.359 ms) : 1339, 1378 . : milestone, 1359, appsec (1.717 ms) : 1694, 1739 . : milestone, 1717, appsec_no_iast (1.73 ms) : 1707, 1753 . : milestone, 1730, code_origins (1.656 ms) : 1629, 1682 . : milestone, 1656, iast (1.514 ms) : 1490, 1539 . : milestone, 1514, profiling (1.521 ms) : 1498, 1544 . : milestone, 1521, tracing (1.496 ms) : 1471, 1520 . : milestone, 1496, section candidate no_agent (1.346 ms) : 1327, 1365 . : milestone, 1346, appsec (1.732 ms) : 1708, 1756 . : milestone, 1732, appsec_no_iast (1.731 ms) : 1708, 1755 . : milestone, 1731, code_origins (1.672 ms) : 1644, 1700 . : milestone, 1672, iast (1.526 ms) : 1502, 1550 . : milestone, 1526, profiling (1.502 ms) : 1478, 1525 . : milestone, 1502, tracing (1.508 ms) : 1484, 1532 . : milestone, 1508,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.359 ms [1.339 ms, 1.378 ms]	-
appsec	1.717 ms [1.694 ms, 1.739 ms]	358.021 µs (26.4%)
appsec_no_iast	1.73 ms [1.707 ms, 1.753 ms]	371.278 µs (27.3%)
code_origins	1.656 ms [1.629 ms, 1.682 ms]	296.875 µs (21.9%)
iast	1.514 ms [1.49 ms, 1.539 ms]	155.497 µs (11.4%)
profiling	1.521 ms [1.498 ms, 1.544 ms]	161.959 µs (11.9%)
tracing	1.496 ms [1.471 ms, 1.52 ms]	137.098 µs (10.1%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.346 ms [1.327 ms, 1.365 ms]	-
appsec	1.732 ms [1.708 ms, 1.756 ms]	386.125 µs (28.7%)
appsec_no_iast	1.731 ms [1.708 ms, 1.755 ms]	385.025 µs (28.6%)
code_origins	1.672 ms [1.644 ms, 1.7 ms]	325.741 µs (24.2%)
iast	1.526 ms [1.502 ms, 1.55 ms]	180.036 µs (13.4%)
profiling	1.502 ms [1.478 ms, 1.525 ms]	155.471 µs (11.5%)
tracing	1.508 ms [1.484 ms, 1.532 ms]	162.088 µs (12.0%)

Request duration reports for insecure-bank

gantt title insecure-bank - request duration [CI 0.99] : candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb dateFormat X axisFormat %s section baseline no_agent (383.882 µs) : 364, 404 . : milestone, 384, iast (507.048 µs) : 485, 529 . : milestone, 507, iast_FULL (732.296 µs) : 710, 754 . : milestone, 732, iast_GLOBAL (557.405 µs) : 536, 579 . : milestone, 557, iast_HARDCODED_SECRET_DISABLED (511.48 µs) : 490, 533 . : milestone, 511, iast_INACTIVE (470.92 µs) : 450, 492 . : milestone, 471, iast_TELEMETRY_OFF (500.899 µs) : 479, 523 . : milestone, 501, tracing (461.048 µs) : 439, 483 . : milestone, 461, section candidate no_agent (380.466 µs) : 359, 402 . : milestone, 380, iast (512.104 µs) : 490, 534 . : milestone, 512, iast_FULL (732.649 µs) : 711, 755 . : milestone, 733, iast_GLOBAL (556.431 µs) : 535, 578 . : milestone, 556, iast_HARDCODED_SECRET_DISABLED (509.447 µs) : 488, 531 . : milestone, 509, iast_INACTIVE (463.869 µs) : 443, 485 . : milestone, 464, iast_TELEMETRY_OFF (502.674 µs) : 480, 525 . : milestone, 503, tracing (451.943 µs) : 431, 473 . : milestone, 452,

baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	383.882 µs [364.021 µs, 403.742 µs]	-
iast	507.048 µs [485.495 µs, 528.601 µs]	123.167 µs (32.1%)
iast_FULL	732.296 µs [710.307 µs, 754.285 µs]	348.414 µs (90.8%)
iast_GLOBAL	557.405 µs [535.977 µs, 578.834 µs]	173.524 µs (45.2%)
iast_HARDCODED_SECRET_DISABLED	511.48 µs [489.948 µs, 533.012 µs]	127.598 µs (33.2%)
iast_INACTIVE	470.92 µs [449.502 µs, 492.338 µs]	87.038 µs (22.7%)
iast_TELEMETRY_OFF	500.899 µs [478.998 µs, 522.8 µs]	117.018 µs (30.5%)
tracing	461.048 µs [439.474 µs, 482.622 µs]	77.166 µs (20.1%)

candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	380.466 µs [358.811 µs, 402.121 µs]	-
iast	512.104 µs [490.233 µs, 533.976 µs]	131.638 µs (34.6%)
iast_FULL	732.649 µs [710.678 µs, 754.619 µs]	352.183 µs (92.6%)
iast_GLOBAL	556.431 µs [534.96 µs, 577.903 µs]	175.965 µs (46.2%)
iast_HARDCODED_SECRET_DISABLED	509.447 µs [487.689 µs, 531.205 µs]	128.981 µs (33.9%)
iast_INACTIVE	463.869 µs [442.766 µs, 484.972 µs]	83.403 µs (21.9%)
iast_TELEMETRY_OFF	502.674 µs [480.437 µs, 524.911 µs]	122.208 µs (32.1%)
tracing	451.943 µs [431.305 µs, 472.58 µs]	71.477 µs (18.8%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/APPSEC-57044-3
git_commit_date	1742825749	1742890741
git_commit_sha	`51813bd`	`75dd719`
release_version	1.48.0-SNAPSHOT~51813bdfcb	1.48.0-SNAPSHOT~75dd719733

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1742893312	1742893312
ci_job_id	862830769	862830769
ci_pipeline_id	59860040	59860040
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-jzzy7jrd-project-304-concurrent-1-834ygnfu 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-jzzy7jrd-project-304-concurrent-1-834ygnfu 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
variant	appsec	appsec

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 0 unstable metrics.

Execution time for tomcat

gantt title tomcat - execution time [CI 0.99] : candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb dateFormat X axisFormat %s section baseline no_agent (1.471 ms) : 1460, 1483 . : milestone, 1471, appsec (2.34 ms) : 2297, 2384 . : milestone, 2340, iast (2.128 ms) : 2072, 2183 . : milestone, 2128, iast_GLOBAL (2.173 ms) : 2117, 2229 . : milestone, 2173, profiling (1.982 ms) : 1938, 2027 . : milestone, 1982, tracing (1.956 ms) : 1913, 1998 . : milestone, 1956, section candidate no_agent (1.48 ms) : 1468, 1491 . : milestone, 1480, appsec (2.335 ms) : 2292, 2379 . : milestone, 2335, iast (2.124 ms) : 2069, 2179 . : milestone, 2124, iast_GLOBAL (2.163 ms) : 2108, 2219 . : milestone, 2163, profiling (1.973 ms) : 1929, 2017 . : milestone, 1973, tracing (1.951 ms) : 1909, 1994 . : milestone, 1951,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.471 ms [1.46 ms, 1.483 ms]	-
appsec	2.34 ms [2.297 ms, 2.384 ms]	868.928 µs (59.1%)
iast	2.128 ms [2.072 ms, 2.183 ms]	656.419 µs (44.6%)
iast_GLOBAL	2.173 ms [2.117 ms, 2.229 ms]	701.823 µs (47.7%)
profiling	1.982 ms [1.938 ms, 2.027 ms]	511.232 µs (34.7%)
tracing	1.956 ms [1.913 ms, 1.998 ms]	484.357 µs (32.9%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.48 ms [1.468 ms, 1.491 ms]	-
appsec	2.335 ms [2.292 ms, 2.379 ms]	855.534 µs (57.8%)
iast	2.124 ms [2.069 ms, 2.179 ms]	644.186 µs (43.5%)
iast_GLOBAL	2.163 ms [2.108 ms, 2.219 ms]	683.394 µs (46.2%)
profiling	1.973 ms [1.929 ms, 2.017 ms]	492.977 µs (33.3%)
tracing	1.951 ms [1.909 ms, 1.994 ms]	471.416 µs (31.9%)

Execution time for biojava

gantt title biojava - execution time [CI 0.99] : candidate=1.48.0-SNAPSHOT~75dd719733, baseline=1.48.0-SNAPSHOT~51813bdfcb dateFormat X axisFormat %s section baseline no_agent (15.505 s) : 15505000, 15505000 . : milestone, 15505000, appsec (14.967 s) : 14967000, 14967000 . : milestone, 14967000, iast (18.304 s) : 18304000, 18304000 . : milestone, 18304000, iast_GLOBAL (17.464 s) : 17464000, 17464000 . : milestone, 17464000, profiling (15.075 s) : 15075000, 15075000 . : milestone, 15075000, tracing (15.086 s) : 15086000, 15086000 . : milestone, 15086000, section candidate no_agent (14.883 s) : 14883000, 14883000 . : milestone, 14883000, appsec (14.772 s) : 14772000, 14772000 . : milestone, 14772000, iast (19.248 s) : 19248000, 19248000 . : milestone, 19248000, iast_GLOBAL (17.669 s) : 17669000, 17669000 . : milestone, 17669000, profiling (15.244 s) : 15244000, 15244000 . : milestone, 15244000, tracing (15.295 s) : 15295000, 15295000 . : milestone, 15295000,

baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.505 s [15.505 s, 15.505 s]	-
appsec	14.967 s [14.967 s, 14.967 s]	-538.0 ms (-3.5%)
iast	18.304 s [18.304 s, 18.304 s]	2.799 s (18.1%)
iast_GLOBAL	17.464 s [17.464 s, 17.464 s]	1.959 s (12.6%)
profiling	15.075 s [15.075 s, 15.075 s]	-430.0 ms (-2.8%)
tracing	15.086 s [15.086 s, 15.086 s]	-419.0 ms (-2.7%)

candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.883 s [14.883 s, 14.883 s]	-
appsec	14.772 s [14.772 s, 14.772 s]	-111.0 ms (-0.7%)
iast	19.248 s [19.248 s, 19.248 s]	4.365 s (29.3%)
iast_GLOBAL	17.669 s [17.669 s, 17.669 s]	2.786 s (18.7%)
profiling	15.244 s [15.244 s, 15.244 s]	361.0 ms (2.4%)
tracing	15.295 s [15.295 s, 15.295 s]	412.0 ms (2.8%)

| Package | Type | Package file | Manager | Update | Change | |---|---|---|---|---|---| | org.flywaydb.flyway | plugin | misk/gradle/libs.versions.toml | gradle | minor | `11.6.0` -> `11.7.0` | | [com.squareup.okio:okio-fakefilesystem](https://github.com/square/okio) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.10.2` -> `3.11.0` | | [com.squareup.okio:okio](https://github.com/square/okio) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `3.10.2` -> `3.11.0` | | [com.autonomousapps.dependency-analysis](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin) | plugin | misk/gradle/libs.versions.toml | gradle | minor | `2.15.0` -> `2.16.0` | | [com.datadoghq:dd-trace-api](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.47.3` -> `1.48.1` | | [com.datadoghq:dd-trace-ot](https://github.com/datadog/dd-trace-java) | dependencies | misk/gradle/libs.versions.toml | gradle | minor | `1.47.3` -> `1.48.1` | | [software.amazon.awssdk:sdk-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:sqs](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:dynamodb-enhanced](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:dynamodb](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:aws-core](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:bom](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | | [software.amazon.awssdk:auth](https://aws.amazon.com/sdkforjava) | dependencies | misk/gradle/libs.versions.toml | gradle | patch | `2.31.18` -> `2.31.20` | --- ### Release Notes <details> <summary>square/okio (com.squareup.okio:okio-fakefilesystem)</summary> ### [`v3.11.0`](https://github.com/square/okio/blob/HEAD/CHANGELOG.md#Version-3110) *2025-04-09* - Fix: Clear the deflater's byte array reference - New: Faster implementation of `String.decodeHex()` on Kotlin/JS. - New: Declare `EXACTLY_ONCE` execution for blocks like `Closeable.use {}` and `FileSystem.read {}`. - Upgrade: \[Kotlin 2.1.20]\[kotlin\_2\_1\_20]. </details> <details> <summary>autonomousapps/dependency-analysis-android-gradle-plugin (com.autonomousapps.dependency-analysis)</summary> ### [`v2.16.0`](https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin/blob/HEAD/CHANGELOG.md#Version-2160) - \[Feat]: support `com.android.test` projects. - \[Feat]: support typesafe project accessors with opt-in. ```kotlin dependencyAnalysis { useTypesafeProjectAccessors(true) // false by default } ``` </details> <details> <summary>datadog/dd-trace-java (com.datadoghq:dd-trace-api)</summary> ### [`v1.48.1`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.48.1): 1.48.1 ### Components #### Tracer internal logging - 🐛 Remove print line causing unnecessary logs ([#8687](DataDog/dd-trace-java#8687) - [@sarahchen6](https://github.com/sarahchen6)) ### [`v1.48.0`](https://github.com/DataDog/dd-trace-java/releases/tag/v1.48.0): 1.48.0 ### Known Bugs > \[!NOTE] > If you are experiencing issues with spamming timeout logs, please update to the [latest version](https://github.com/DataDog/dd-trace-java/releases/latest) or set [JDK_SOCKET_ENABLED](https://github.com/DataDog/dd-trace-java/blob/33fc3c9a9b7cda3beda88b8b3e5224ae2b10764a/dd-trace-api/src/main/java/datadog/trace/api/config/GeneralConfig.java#L98) to false. ### Components #### Application Security Management (IAST) - ✨ Fix vulnerability location org.jose4j.lang.HashUtil ([#8610](DataDog/dd-trace-java#8610) - [@jandro996](https://github.com/jandro996)) - ✨ Fix weak randomness in oracle.ucp.util.OpaqueString ([#8609](DataDog/dd-trace-java#8609) - [@jandro996](https://github.com/jandro996)) - ✨ Fix weak hash false positive in oracle.security.o5logon.O5Logon ([#8608](DataDog/dd-trace-java#8608) - [@jandro996](https://github.com/jandro996)) - 🐛 Prevent before callsites targeting constructors in super calls ([#8549](DataDog/dd-trace-java#8549) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) #### Application Security Management (WAF) - ✨ Update login events public SDK to V2 ([#8620](DataDog/dd-trace-java#8620) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - 🐛 Send RASP LFI capability only when AppSec is statically enabled ([#8573](DataDog/dd-trace-java#8573) - [@jandro996](https://github.com/jandro996)) - ✨ Improve detection of missing request end events ([#8510](DataDog/dd-trace-java#8510) - [@smola](https://github.com/smola)) - 🧹 Remove remote configuration for API Security sampling rate ([#8486](DataDog/dd-trace-java#8486) - [@smola](https://github.com/smola)) - ✨ Add setUser to user monitoring SDK ([#8482](DataDog/dd-trace-java#8482) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Add missing address for signup event ([#8469](DataDog/dd-trace-java#8469) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Allow login events SDK to be used with appsec disabled ([#8464](DataDog/dd-trace-java#8464) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ Add support for endpoint discovery in spring mvc ([#8352](DataDog/dd-trace-java#8352) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) - ✨ New API Security sampling algorithm ([#8178](DataDog/dd-trace-java#8178) - [@ValentinZakharov](https://github.com/ValentinZakharov)) #### Build & Tooling - ✨ Add buffer size customizability to JDK UDS support ([#8629](DataDog/dd-trace-java#8629) - [@sarahchen6](https://github.com/sarahchen6)) - ✨ Add JDK built-in support for UDS on Java 16+ ([#8314](DataDog/dd-trace-java#8314) - [@sarahchen6](https://github.com/sarahchen6)) #### Configuration at Runtime - 🐛 Send RASP LFI capability only when AppSec is statically enabled ([#8573](DataDog/dd-trace-java#8573) - [@jandro996](https://github.com/jandro996)) #### Continuous Integration Visibility - 🐛 Prevent double reporting of Scalatest events when using SBT with test forking ([#8682](DataDog/dd-trace-java#8682) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Shutdown CI Visibility test event handlers before tracer ([#8677](DataDog/dd-trace-java#8677) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Do not apply JUnit 4 instrumentation to MUnit runners ([#8675](DataDog/dd-trace-java#8675), [#8683](DataDog/dd-trace-java#8683) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Remove error log when source path resolution fails on isModified check ([#8663](DataDog/dd-trace-java#8663) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Implement tests reordering for JUnit 4 ([#8650](DataDog/dd-trace-java#8650) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - 🐛 Set default Attempt to Fix retries if none provided from the backend ([#8615](DataDog/dd-trace-java#8615) - [@daniel-mohedano](https://github.com/daniel-mohedano)) - ✨ Allow to manually set PR info ([#8566](DataDog/dd-trace-java#8566) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - 🐛 Fix Test Optimization init when repo root cannot be determined ([#8533](DataDog/dd-trace-java#8533) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Add capabilities tagging ([#8499](DataDog/dd-trace-java#8499), [#8540](DataDog/dd-trace-java#8540) - [@daniel-mohedano](https://github.com/daniel-mohedano)) #### Crash tracking - 🐛 Remove dependency on bash from crash/oome uploder scripts ([#8652](DataDog/dd-trace-java#8652) - [@jbachorik](https://github.com/jbachorik)) #### Data Streams Monitoring - ✨ e2e pipeline configuration when data jobs is enabled ([#8553](DataDog/dd-trace-java#8553) - [@kr-igor](https://github.com/kr-igor)) #### Dynamic Instrumentation - 🐛 Fix In-Product when config is empty ([#8679](DataDog/dd-trace-java#8679) - [@jpbempel](https://github.com/jpbempel)) - ✨ Add support for filtering shaded third-party libs ([#8612](DataDog/dd-trace-java#8612) - [@jpbempel](https://github.com/jpbempel)) - ✨ Add In-Product Enablement ([#8587](DataDog/dd-trace-java#8587) - [@jpbempel](https://github.com/jpbempel)) - ✨⚡ Reduce footprint of SourceFile tracking ([#8524](DataDog/dd-trace-java#8524) - [@jpbempel](https://github.com/jpbempel)) - ✨⚡ Optimize the SourceFile tracking ([#8520](DataDog/dd-trace-java#8520) - [@jpbempel](https://github.com/jpbempel)) #### OpenTracing - 🧹 Remove activeScope() use in OpenTracing shim ([#8478](DataDog/dd-trace-java#8478) - [@mcculls](https://github.com/mcculls)) #### Profiling - ✨ Add profiler env check command to AgentCLI ([#8671](DataDog/dd-trace-java#8671) - [@jbachorik](https://github.com/jbachorik)) - ✨ Bump ddprof to 1.23.0 ([#8668](DataDog/dd-trace-java#8668) - [@jbachorik](https://github.com/jbachorik)) - Fix a crash related to ElfParser::loadSymbolTable ([#191](DataDog/dd-trace-java#191)) by [@yanglong1010](https://github.com/yanglong1010) in DataDog/java-profiler#192 - Unwind String.indexOf intrinsic on AArch64 by [@MattAlp](https://github.com/MattAlp) in DataDog/java-profiler#193 - Fix Java 24 support by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#194 - A set of fixes related to clang, aarch64 and musl pecularities of vmstructs stack unwinder by [@jbachorik](https://github.com/jbachorik) in DataDog/java-profiler#199 - 🐛 Remove process information from JFR recording ([#8661](DataDog/dd-trace-java#8661) - [@r1viollet](https://github.com/r1viollet)) - 🐛 Make TempLocationManager USER aware ([#8605](DataDog/dd-trace-java#8605) - [@jbachorik](https://github.com/jbachorik)) - ✨ Extract git tags from embedded git.properties and datadog_git.properties ([#8561](DataDog/dd-trace-java#8561) - [@wmouchere](https://github.com/wmouchere)) #### Telemetry - 🐛 Fix appsec.rasp.error and appsec.waf.error telemetry metrics ([#8624](DataDog/dd-trace-java#8624) - [@jandro996](https://github.com/jandro996)) - ✨ Create metric: appsec.rasp.rule.skipped ([#8618](DataDog/dd-trace-java#8618) - [@jandro996](https://github.com/jandro996)) - ✨ Extract git tags from embedded git.properties and datadog_git.properties ([#8561](DataDog/dd-trace-java#8561) - [@wmouchere](https://github.com/wmouchere)) #### Testing - 🧹 Simplify ssi tests one-pipeline ([#8558](DataDog/dd-trace-java#8558) - [@robertomonteromiguel](https://github.com/robertomonteromiguel)) - ✨ Add smoke tests for java's concurrent API ([#8438](DataDog/dd-trace-java#8438) - [@sarahchen6](https://github.com/sarahchen6)) #### Trace context propagation - ✨ Adding Support for `TRACE_PROPAGATION_BEHAVIOR_EXTRACT` ([#8535](DataDog/dd-trace-java#8535) - [@mhlidd](https://github.com/mhlidd)) #### Tracer core - 🐛 Ensure shaded helpers have unique names ([#8559](DataDog/dd-trace-java#8559) - [@amarziali](https://github.com/amarziali)) - ✨ Support common config sources for user-provided git info ([#8547](DataDog/dd-trace-java#8547) - [@nikita-tkachenko-datadog](https://github.com/nikita-tkachenko-datadog)) - ✨ Make the default config sources more robust when a security manager is installed ([#8544](DataDog/dd-trace-java#8544) - [@mcculls](https://github.com/mcculls)) - ✨ Support targeting services with configurations in stable configuration file ([#8526](DataDog/dd-trace-java#8526) - [@mtoffl01](https://github.com/mtoffl01)) - ✨ Add new parser for `DD_TAGS` and prioritizing `DD_SERVICE` ([#8296](DataDog/dd-trace-java#8296) - [@mhlidd](https://github.com/mhlidd)) #### Tracer internal logging - 🐛 Add missing debug log for the cloudPayloadTaggingServices config ([#8600](DataDog/dd-trace-java#8600) - [@ygree](https://github.com/ygree)) - ✨ Add the possibility to output the logs of the Java tracer in JSON ([#8083](DataDog/dd-trace-java#8083) - [@cecile75](https://github.com/cecile75)) #### Tracer public API - ✨ Introducing `DD_TRACE_EXPERIMENTAL_FEATURES_ENABLED` Config ([#8536](DataDog/dd-trace-java#8536) - [@mhlidd](https://github.com/mhlidd)) - ✨ Config Consistency Round 2 ([#8489](DataDog/dd-trace-java#8489) - [@mhlidd](https://github.com/mhlidd)) ### Instrumentations #### - 🐛 Fix NPE in getMdcCopy of LoggingEventInstrumentation ([#8599](DataDog/dd-trace-java#8599) - [@ygree](https://github.com/ygree)) #### Apache Spark instrumentation - ✨ Instrument Runtime.exit() to finish spark application spans ([#8572](DataDog/dd-trace-java#8572) - [@paul-laffon-dd](https://github.com/paul-laffon-dd)) - ✨ Configure OpenLineage if present in Spark instrumentation ([#8541](DataDog/dd-trace-java#8541) - [@mobuchowski](https://github.com/mobuchowski)) #### Armeria Instrumentation - ✨ Support armeria grpc 1.32.3 ([#8606](DataDog/dd-trace-java#8606) - [@github-actions](https://github.com/github-actions)\[bot]) #### AWS DynamoDB Instrumentation - ✨ Create DynamoDB instrumentation + add span pointers for `updateItem` and `deleteItem` ([#8490](DataDog/dd-trace-java#8490) - [@nhulston](https://github.com/nhulston)) #### AWS SDK instrumentation - ✨ Add DynamoDB in DEFAULT_TRACE_CLOUD_PAYLOAD_TAGGING_SERVICES ([#8595](DataDog/dd-trace-java#8595) - [@joeyzhao2018](https://github.com/joeyzhao2018)) #### Azure Functions instrumentation - ✨ Enable tracer computed trace metrics by default for Azure Functions ([#8518](DataDog/dd-trace-java#8518) - [@duncanpharvey](https://github.com/duncanpharvey)) - 💡 Add azure-functions instrumentation ([#8432](DataDog/dd-trace-java#8432) - [@duncanpharvey](https://github.com/duncanpharvey)) #### Core Java language instrumentation - 🐛 Fix ForkJoinPool.execute() instrumentation on Java 21+ ([#8560](DataDog/dd-trace-java#8560) - [@PerfectSlayer](https://github.com/PerfectSlayer)) #### Eclipse Vert.x instrumentation - ✨ Add vertx postgresql client instrumentation ([#8471](DataDog/dd-trace-java#8471) - [@vandonr](https://github.com/vandonr) - thanks for the contribution!) #### Kafka instrumentation - ✨ Support and test kafka-clients 4 ([#8581](DataDog/dd-trace-java#8581) - [@amarziali](https://github.com/amarziali)) #### Kotlin instrumentation - ✨ Avoid disconnected traces when using Kotlin flowOn ([#8651](DataDog/dd-trace-java#8651) - [@mcculls](https://github.com/mcculls)) #### OpenTelemetry instrumentation - 🧹 Migrate OtelContext wrapper to new internal Context API ([#8645](DataDog/dd-trace-java#8645) - [@mcculls](https://github.com/mcculls)) #### Spring instrumentation - 🐛 Support CompletableFuture on spring webmvc controllers ([#8659](DataDog/dd-trace-java#8659) - [@amarziali](https://github.com/amarziali)) - ✨ Add support for endpoint discovery in spring mvc ([#8352](DataDog/dd-trace-java#8352) - [@manuel-alvarez-alvarez](https://github.com/manuel-alvarez-alvarez)) #### WebSocket Instrumentation - ✨ Instrument Jetty websocket pojo ([#8562](DataDog/dd-trace-java#8562) - [@amarziali](https://github.com/amarziali)) - 💡 Instrument Java Websocket API (JSR356) ([#8440](DataDog/dd-trace-java#8440) - [@amarziali](https://github.com/amarziali)) #### All other instrumentations - ✨ Introduce cache for peer.hostname lookup ([#8601](DataDog/dd-trace-java#8601) - [@mcculls](https://github.com/mcculls)) - ✨ Support pekko http 1.1 ([#8532](DataDog/dd-trace-java#8532) - [@amarziali](https://github.com/amarziali)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 6pm every weekday,before 2am every weekday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). GitOrigin-RevId: 331314f71acaced3adc75ea5d7e855c248d593fc

Exclude org.jose4j.lang.HashUtil

d1d1b3b

jandro996 added type: enhancement Enhancements and improvements comp: asm iast Application Security Management (IAST) labels Mar 24, 2025

jandro996 requested a review from a team as a code owner March 24, 2025 08:22

jandro996 requested review from manuel-alvarez-alvarez, robertpi and smola March 24, 2025 08:22

smola changed the title ~~Fix weak hash false positive in org.jose4j.lang.HashUtil~~ Fix vulnerability location org.jose4j.lang.HashUtil Mar 24, 2025

smola approved these changes Mar 24, 2025

View reviewed changes

manuel-alvarez-alvarez approved these changes Mar 24, 2025

View reviewed changes

Merge branch 'master' into alejandro.gonzalez/APPSEC-57044-3

d821692

jandro996 added 3 commits March 24, 2025 12:18

Merge branch 'master' into alejandro.gonzalez/APPSEC-57044-3

0e4b631

Merge branch 'master' into alejandro.gonzalez/APPSEC-57044-3

fdf454f

Merge branch 'master' into alejandro.gonzalez/APPSEC-57044-3

75dd719

jandro996 added this to the 1.48.0 milestone Mar 25, 2025

jandro996 merged commit 06605d7 into master Mar 25, 2025
246 of 269 checks passed

jandro996 deleted the alejandro.gonzalez/APPSEC-57044-3 branch March 25, 2025 11:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix vulnerability location org.jose4j.lang.HashUtil #8610

Fix vulnerability location org.jose4j.lang.HashUtil #8610

Uh oh!

jandro996 commented Mar 24, 2025 •

edited by atlassian bot

Loading

smola left a comment

pr-commenter bot commented Mar 24, 2025 •

edited

Loading

Uh oh!

Labels

3 participants

Fix vulnerability location org.jose4j.lang.HashUtil #8610

Fix vulnerability location org.jose4j.lang.HashUtil #8610

Uh oh!

Conversation

jandro996 commented Mar 24, 2025 • edited by atlassian bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What Does This Do

Motivation

Additional Notes

Contributor Checklist

smola left a comment

Choose a reason for hiding this comment

pr-commenter bot commented Mar 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Benchmarks

Startup

Parameters

Summary

Load

Parameters

Summary

Dacapo

Parameters

Summary

Uh oh!

Labels

3 participants

jandro996 commented Mar 24, 2025 •

edited by atlassian bot

Loading

pr-commenter bot commented Mar 24, 2025 •

edited

Loading