Adding fixed events for thingsboard (#11294)

* Adding Fixed Advisory GHSA-27hp-xhwr-wr2m for thingsboard * Adding Fixed Advisory GHSA-5j33-cvvr-w245 for thingsboard * Adding Fixed Advisory GHSA-mfj5-cf8g-g2fv for thingsboard --------- Co-authored-by: octo-sts[bot] <[email protected]>
wolfi-dev · Jan 16, 2025 · 5e9f4dd · 5e9f4dd
1 parent 8366bab
commit 5e9f4dd
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/thingsboard.advisories.yaml b/thingsboard.advisories.yaml
@@ -109,6 +109,10 @@ advisories:
             componentType: java-archive
             componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
             scanner: grype
+      - timestamp: 2025-01-16T23:17:43Z
+        type: fixed
+        data:
+          fixed-version: 3.9-r1
 
   - id: CGA-63mv-w982-8q6x
     aliases:
@@ -149,6 +153,10 @@ advisories:
             componentType: java-archive
             componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
             scanner: grype
+      - timestamp: 2025-01-16T23:17:42Z
+        type: fixed
+        data:
+          fixed-version: 3.9-r1
 
   - id: CGA-6xwj-3x88-p9hm
     aliases:
@@ -265,6 +273,10 @@ advisories:
         type: pending-upstream-fix
         data:
           note: This CVE caused by async-http-client being brought in via Microsoft Azure SDK for Service Bus (version 3.6.7), which is used by ThingsBoard’s server-queue components, as a transitive dependency. This will require upstream maintainers to implement a remediation.
+      - timestamp: 2025-01-16T23:17:44Z
+        type: fixed
+        data:
+          fixed-version: 3.9-r1
 
   - id: CGA-9cw3-8w4j-827w
     aliases: