Skip to content

Jinjava Critical Vulnerability: upgrade to version 2.8.3#55

Merged
alexheifetz merged 1 commit intomainfrom
jinjava-critical-vulnerability
Feb 5, 2026
Merged

Jinjava Critical Vulnerability: upgrade to version 2.8.3#55
alexheifetz merged 1 commit intomainfrom
jinjava-critical-vulnerability

Conversation

@igordayen
Copy link
Contributor

@igordayen igordayen commented Feb 5, 2026

Overview

Please refer to Github report:

GHSA-gjx9-j8f8-7j74

Upgraded jinjava version from 2.8.1 to 2.8.3.

Rebuilt embabel-common:

embabel-common$ mvn dependency:tree|grep jinjava
[INFO] +- com.hubspot.jinjava:jinjava:jar:2.8.3:compile

Testing with embabel-agent requires changes:

https://github.com/embabel/embabel-agent/blob/main/pom.xml
    <parent>
        <groupId>com.embabel.build</groupId>
        <artifactId>embabel-build-parent</artifactId>
        <version>0.1.10</version> ==> 0.1.11-SNAPSHOT
    </parent>
    <groupId>com.embabel.agent</groupId>
    <artifactId>embabel-agent-parent</artifactId>
    <version>0.3.4-SNAPSHOT</version>

@igordayen igordayen requested a review from alexheifetz February 5, 2026 04:51
@igordayen igordayen changed the title Jinjava Ctitical Vulnerability: upgrade to version 2.8.3 Jinjava Critical Vulnerability: upgrade to version 2.8.3 Feb 5, 2026
@alexheifetz alexheifetz merged commit f864b2d into main Feb 5, 2026
3 checks passed
@alexheifetz alexheifetz deleted the jinjava-critical-vulnerability branch February 5, 2026 21:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexheifetz alexheifetz alexheifetz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@igordayen @alexheifetz