From 5e9f4dda69a3322bcf390db1433535a031e505c2 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Thu, 16 Jan 2025 23:43:34 +0000
Subject: [PATCH] Adding fixed events for thingsboard (#11294)
* Adding Fixed Advisory GHSA-27hp-xhwr-wr2m for thingsboard
* Adding Fixed Advisory GHSA-5j33-cvvr-w245 for thingsboard
* Adding Fixed Advisory GHSA-mfj5-cf8g-g2fv for thingsboard
---------
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 thingsboard.advisories.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/thingsboard.advisories.yaml b/thingsboard.advisories.yaml
index c8062d311..993349d6f 100644
--- a/thingsboard.advisories.yaml
+++ b/thingsboard.advisories.yaml
@@ -109,6 +109,10 @@ advisories:
 componentType: java-archive
 componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
 scanner: grype
+ - timestamp: 2025-01-16T23:17:43Z
+ type: fixed
+ data:
+ fixed-version: 3.9-r1
 - id: CGA-63mv-w982-8q6x
 aliases:
@@ -149,6 +153,10 @@ advisories:
 componentType: java-archive
 componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
 scanner: grype
+ - timestamp: 2025-01-16T23:17:42Z
+ type: fixed
+ data:
+ fixed-version: 3.9-r1
 - id: CGA-6xwj-3x88-p9hm
 aliases:
@@ -265,6 +273,10 @@ advisories:
 type: pending-upstream-fix
 data:
 note: This CVE caused by async-http-client being brought in via Microsoft Azure SDK for Service Bus (version 3.6.7), which is used by ThingsBoardā€™s server-queue components, as a transitive dependency. This will require upstream maintainers to implement a remediation.
+ - timestamp: 2025-01-16T23:17:44Z
+ type: fixed
+ data:
+ fixed-version: 3.9-r1
 - id: CGA-9cw3-8w4j-827w
 aliases:
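Review bot: The `fixed` event in the third hunk (`fixed-version: 3.9-r1`) lands directly after a `pending-upstream-fix` event whose note says the vulnerable async-http-client arrives transitively through the Azure Service Bus SDK and needs an upstream remediation, and nothing in the commit records what changed in 3.9-r1 to resolve it. Because the event is bot-authored, it is worth confirming before merge that the shipped jars actually carry a patched async-http-client, rather than the scanner merely no longer matching the component. The first two hunks have the same gap: the only evidence visible there is a grype detection on `/usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar`, and each advisory entry starts outside its hunk, so earlier events cannot be checked from here. If the event schema carries nothing beyond `fixed-version`, the evidence could go in the PR description instead, e.g. `rescan of 3.9-r1: no match for <advisory-id> in any packaged jar`.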