Skip to content

fix(jackrabbit): CVE-2025-53689, CVE-2025-58782#1

Open
deepin-ci-robot wants to merge 2 commits into
masterfrom
fix/CVE-2025-53689-multi
Open

fix(jackrabbit): CVE-2025-53689, CVE-2025-58782#1
deepin-ci-robot wants to merge 2 commits into
masterfrom
fix/CVE-2025-53689-multi

Conversation

@deepin-ci-robot
Copy link
Copy Markdown
Contributor

@deepin-ci-robot deepin-ci-robot commented May 20, 2026

Security Update

CVE-2025-53689

Blind XXE vulnerability in jackrabbit-spi-commons and jackrabbit-core. Fixed by securing DocumentBuilderFactory with XXE protection features and adding defense-in-depth EntityResolver.

CVE-2025-58782

Deserialization of untrusted data vulnerability in jackrabbit-core and jackrabbit-jcr-commons via JNDI. Fixed by making JNDI support opt-in (disabled by default).

Generated by AI

deepin-ci-robot and others added 2 commits May 20, 2026 19:49
@deepin-ci-robot @hudeng-go
fix(jackrabbit): CVE-2025-53689
714fd17 
Fix blind XXE vulnerability in jackrabbit-spi-commons and jackrabbit-core
by securing DocumentBuilderFactory with XXE protection features and
adding defense-in-depth EntityResolver.

Backport of upstream JCR-5165 (PR #263).

Upstream: apache/jackrabbit@8ea2349
Generated-By: glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>
@deepin-ci-robot @hudeng-go
fix(jackrabbit): CVE-2025-58782
7b41555 
Fix deserialization of untrusted data vulnerability in jackrabbit-core
and jackrabbit-jcr-commons by making JNDI support opt-in. JNDI lookup
is now disabled by default and must be explicitly enabled with the
system property jackrabbit.jndi.enabled.

Backport of upstream JCR-5135 (PR #229).

Upstream: apache/jackrabbit@7a31909
Generated-By: glm-5.1
Co-Authored-By: hudeng <hudeng@deepin.org>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 20, 2026

TAG Bot

TAG: 2.20.3-1deepin2
EXISTED: no
DISTRIBUTION: unstable

@deepin-ci-robot
Copy link
Copy Markdown
Contributor Author

deepin-ci-robot commented May 20, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zeno-sole for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@hudeng-go
Copy link
Copy Markdown

hudeng-go commented May 21, 2026

/integrate

@deepin-community-ci-bot deepin-community-ci-bot Bot mentioned this pull request May 21, 2026
Open
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 21, 2026

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#4049
PrNumber: 4049
PrBranch: auto-integration-26199598061

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chenchongbiao chenchongbiao Awaiting requested review from chenchongbiao

@justforlxz justforlxz Awaiting requested review from justforlxz

Assignees

No one assigned

Labels

cve generated-by-ai

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@deepin-ci-robot @hudeng-go