From eff1759a2fcf9dcfd7d9be49c2f023ab5aa7e2fe Mon Sep 17 00:00:00 2001 From: way zheng Date: Sat, 6 Dec 2025 21:26:15 -0800 Subject: [PATCH 01/10] add workaround to encyrpted files as well --- src/main/java/com/uid2/core/util/MetadataHelper.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/core/util/MetadataHelper.java b/src/main/java/com/uid2/core/util/MetadataHelper.java index 86dc577..f5f2e39 100644 --- a/src/main/java/com/uid2/core/util/MetadataHelper.java +++ b/src/main/java/com/uid2/core/util/MetadataHelper.java @@ -36,7 +36,7 @@ public static String getMetadataPathName(OperatorType operatorType, int siteId, StoreScope store; Boolean providePrivateSiteData = ConfigStore.Global.getBoolean("provide_private_site_data"); if (supportsDecryption) { // Check if decryption is possible - if (operatorType == OperatorType.PUBLIC ) //siteId_public folder + if (operatorType == OperatorType.PUBLIC || (providePrivateSiteData == null || !providePrivateSiteData.booleanValue())) { store = new EncryptedScope(new CloudPath(metadataPathName), siteId, true); } else //siteId_private folder From 8d60bca748a73904e5a53e9ff96ef9cd6451c1e6 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Sun, 7 Dec 2025 05:55:49 +0000 Subject: [PATCH 02/10] [CI Pipeline] Released Snapshot version: 2.30.37-alpha-159-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cfec532..47d095a 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.30.36 + 2.30.37-alpha-159-SNAPSHOT UTF-8 From 2cb0bae7fefcbca63ad51a393d03ee44727f5a05 Mon Sep 17 00:00:00 2001 From: way zheng Date: Sat, 6 Dec 2025 21:58:32 -0800 Subject: [PATCH 03/10] vs scan --- .trivyignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.trivyignore b/.trivyignore index 8e88307..9f5c342 100644 --- a/.trivyignore +++ b/.trivyignore @@ -7,3 +7,7 @@ CVE-2025-59375 exp:2025-12-15 # UID2-6128 CVE-2025-55163 exp:2025-10-30 + +# UID2-6340 +CVE-2025-64720 exp:2026-06-05 +CVE-2025-65018 exp:2026-06-05 \ No newline at end of file From cbc5ab6de0dc73dc1699f2a6a2f98ed91c38e46c Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Sun, 7 Dec 2025 06:01:50 +0000 Subject: [PATCH 04/10] [CI Pipeline] Released Snapshot version: 2.30.38-alpha-160-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 47d095a..3ca1c2c 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.30.37-alpha-159-SNAPSHOT + 2.30.38-alpha-160-SNAPSHOT UTF-8 From b04a853475eefde578910687f70904a2d857d42f Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Sun, 7 Dec 2025 06:07:44 +0000 Subject: [PATCH 05/10] [CI Pipeline] Released Snapshot version: 2.30.39-alpha-161-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3ca1c2c..243ace1 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.30.38-alpha-160-SNAPSHOT + 2.30.39-alpha-161-SNAPSHOT UTF-8 From e581c8cb0b50aea307905acb21fc5aa03c2e719d Mon Sep 17 00:00:00 2001 From: way zheng Date: Tue, 9 Dec 2025 12:16:09 -0800 Subject: [PATCH 06/10] clean up --- src/main/java/com/uid2/core/util/MetadataHelper.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/uid2/core/util/MetadataHelper.java b/src/main/java/com/uid2/core/util/MetadataHelper.java index f5f2e39..f8e5cb1 100644 --- a/src/main/java/com/uid2/core/util/MetadataHelper.java +++ b/src/main/java/com/uid2/core/util/MetadataHelper.java @@ -36,8 +36,8 @@ public static String getMetadataPathName(OperatorType operatorType, int siteId, StoreScope store; Boolean providePrivateSiteData = ConfigStore.Global.getBoolean("provide_private_site_data"); if (supportsDecryption) { // Check if decryption is possible - if (operatorType == OperatorType.PUBLIC || (providePrivateSiteData == null || !providePrivateSiteData.booleanValue())) - { + if (operatorType == OperatorType.PUBLIC || (providePrivateSiteData == null || !providePrivateSiteData.booleanValue()))//siteId_public folder + { store = new EncryptedScope(new CloudPath(metadataPathName), siteId, true); } else //siteId_private folder { From 179d7272e091aeec2a51786854c6df3a0b8d7ece Mon Sep 17 00:00:00 2001 From: way zheng Date: Tue, 9 Dec 2025 12:19:14 -0800 Subject: [PATCH 07/10] clean up --- src/main/java/com/uid2/core/util/MetadataHelper.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/uid2/core/util/MetadataHelper.java b/src/main/java/com/uid2/core/util/MetadataHelper.java index f8e5cb1..12fe825 100644 --- a/src/main/java/com/uid2/core/util/MetadataHelper.java +++ b/src/main/java/com/uid2/core/util/MetadataHelper.java @@ -36,8 +36,8 @@ public static String getMetadataPathName(OperatorType operatorType, int siteId, StoreScope store; Boolean providePrivateSiteData = ConfigStore.Global.getBoolean("provide_private_site_data"); if (supportsDecryption) { // Check if decryption is possible - if (operatorType == OperatorType.PUBLIC || (providePrivateSiteData == null || !providePrivateSiteData.booleanValue()))//siteId_public folder - { + if (operatorType == OperatorType.PUBLIC || (providePrivateSiteData == null || !providePrivateSiteData.booleanValue())) //siteId_public folder + { store = new EncryptedScope(new CloudPath(metadataPathName), siteId, true); } else //siteId_private folder { From 783576524c15167a4119ab2f5a64e4d164879383 Mon Sep 17 00:00:00 2001 From: way zheng Date: Tue, 9 Dec 2025 12:20:48 -0800 Subject: [PATCH 08/10] clean up --- .trivyignore | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.trivyignore b/.trivyignore index 9f5c342..33032b5 100644 --- a/.trivyignore +++ b/.trivyignore @@ -6,8 +6,4 @@ CVE-2025-59375 exp:2025-12-15 # UID2-6128 -CVE-2025-55163 exp:2025-10-30 - -# UID2-6340 -CVE-2025-64720 exp:2026-06-05 -CVE-2025-65018 exp:2026-06-05 \ No newline at end of file +CVE-2025-55163 exp:2025-10-30 \ No newline at end of file From 832cabb20a2a3c57e72fc19526793de7e4dd1c71 Mon Sep 17 00:00:00 2001 From: way zheng Date: Tue, 9 Dec 2025 12:21:23 -0800 Subject: [PATCH 09/10] clean up --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 243ace1..cfec532 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.30.39-alpha-161-SNAPSHOT + 2.30.36 UTF-8 From 3b8a9212be86aa958ebe1b90d6e4a4fb57cb5a03 Mon Sep 17 00:00:00 2001 From: way zheng Date: Tue, 9 Dec 2025 12:23:13 -0800 Subject: [PATCH 10/10] clean up --- .trivyignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.trivyignore b/.trivyignore index 33032b5..8e88307 100644 --- a/.trivyignore +++ b/.trivyignore @@ -6,4 +6,4 @@ CVE-2025-59375 exp:2025-12-15 # UID2-6128 -CVE-2025-55163 exp:2025-10-30 \ No newline at end of file +CVE-2025-55163 exp:2025-10-30