story #15455 feat: upgrade CAS 6 to 7 #3439

Regzox · 2025-12-19T15:31:24Z

No description provided.

vitam-prg · 2025-12-19T15:47:37Z

Checkmarx One – Scan Summary & Details – b8ebc95e-4c9f-4138-8235-575ece8e9662

New Issues (46)

Checkmarx found the following issues in this Pull Request

#	Issue	Source File / Package	Checkmarx Insight
1	CVE-2019-17571	Maven-log4j:log4j-1.2.17	details Description: Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute ar... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
2	CVE-2022-23305	Maven-log4j:log4j-1.2.17	details Description: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters fro... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
3	CVE-2022-28890	Maven-org.apache.jena:jena-core-2.11.2	details Recommended version: 4.2.0 Description: A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena ve... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4	CVE-2024-50379	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.31	details Recommended version: 10.1.47 Description: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits Remote Code Execution on case-insen... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
5	CVE-2024-56337	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.31	details Recommended version: 10.1.47 Description: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. Users running Tomcat on a case insensitive file system with the ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
6	CVE-2025-24813	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.31	details Recommended version: 10.1.47 Description: Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution (RCE) and/or Information disclosure and/or malicious content added to... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
7	CVE-2025-31651	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.31	details Recommended version: 10.1.47 Description: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability was found within Apache Tomcat. For a subset of unlikely rewrite rule c... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
8	CVE-2025-41243	Maven-org.springframework.cloud:spring-cloud-gateway-server-4.3.0	details Recommended version: 4.3.2 Description: Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification in versions 3.1.0 through 3.1.10, 4.0.0 through 4... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
9	CVE-2025-65482	Maven-fr.opensagres.xdocreport:fr.opensagres.xdocreport.document-2.0.3	details Recommended version: 2.0.4 Description: An XML External Entity (XXE) vulnerability in opensagres XDocReport versions 0.9.2 through 2.0.3 allows attackers to execute arbitrary code via upl... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
10	CVE-2017-9096	Maven-com.lowagie:itext-2.1.7	details Description: The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML ext... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
11	CVE-2021-39239	Maven-org.apache.jena:jena-core-2.11.2	details Recommended version: 4.2.0 Description: A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
12	CVE-2021-4104	Maven-log4j:log4j-1.2.17	details Description: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The atta... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
13	CVE-2022-23302	Maven-log4j:log4j-1.2.17	details Description: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configurati... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
14	CVE-2022-23307	Maven-log4j:log4j-1.2.17	details Description: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Lo... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
15	CVE-2023-26464	Maven-log4j:log4j-1.2.17	details Description: When using the Chainsaw or SocketAppender components with Log4j versions 1.0.4 prior to 2.0, an attacker that manages to cause a logging entry invo... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
16	CVE-2024-22233	Maven-org.springframework:spring-core-6.1.2	details Recommended version: 6.2.11 Description: In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-serv... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
17	CVE-2024-22234	Maven-org.springframework.security:spring-security-core-6.2.1	details Recommended version: 6.2.8 Description: In Spring Security, versions 6.1.x prior to 6.1.7, 6.2.x prior to 6.2.2, and 6.3.0-M1 an application is vulnerable to broken access control when it... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
18	CVE-2024-22234	Maven-org.springframework.security:spring-security-web-6.2.1	details Recommended version: 6.2.8 Description: In Spring Security, versions 6.1.x prior to 6.1.7, 6.2.x prior to 6.2.2, and 6.3.0-M1 an application is vulnerable to broken access control when it... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
19	CVE-2024-57699	Maven-net.minidev:json-smart-2.5.0	details Recommended version: 2.5.2 Description: A security issue was found in Netplex Json-smart. When loading a specially crafted JSON input, containing a large number of "{", a stack exhaustion... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
20	CVE-2025-24970	Maven-io.netty:netty-handler-4.1.104.Final	details Recommended version: 4.1.118.Final Description: Netty, an asynchronous, event-driven network application framework, has a vulnerability in version 4.1.91.Final through 4.1.117.Final and 4.2.0.Alp... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
21	CVE-2025-31650	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.31	details Recommended version: 10.1.47 Description: Improper Input Validation vulnerability was found in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in inc... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
22	CVE-2025-41253	Maven-org.springframework.cloud:spring-cloud-gateway-server-4.3.0	details Recommended version: 4.3.2 Description: The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system propertie... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
23	CVE-2025-46701	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.31	details Recommended version: 10.1.47 Description: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that a... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
24	CVE-2025-48976	Maven-commons-fileupload:commons-fileupload-1.5	details Recommended version: 1.6.0 Description: Allocation of resources for multipart headers with insufficient limits enabled a Denial of Service (DoS) vulnerability in Apache Commons FileUpload... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
25	CVE-2025-48988	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.31	details Recommended version: 10.1.47 Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat versions 9.0.0.M1 through 9.... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
26	CVE-2026-22610	Npm-@angular/core-19.2.17	details Recommended version: 19.2.18 Description: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versio... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
27	CVE-2026-22610	Npm-@angular/compiler-19.2.17	details Recommended version: 19.2.18 Description: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versio... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
28	CVE-2026-25128	Npm-fast-xml-parser-5.3.3	details Recommended version: 5.3.4 Description: fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
29	Client_DOM_XSS	/cas/cas-server/src/main/resources/static/js/duo/Duo-Web-v2.min.js: 136	details The method B embeds untrusted data in generated output with appendChild, at line 193 of /cas/cas-server/src/main/resources/static/js/duo/Duo-Web... Attack Vector
30	CVE-2024-12798	Maven-ch.qos.logback:logback-classic-1.4.14	details Recommended version: 1.5.13 Description: Arbitrary Code Execution vulnerability in "JaninoEventEvaluator" by QOS.CH logback in Java applications, allows attackers to execute arbitrary code... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
31	CVE-2024-12798	Maven-ch.qos.logback:logback-core-1.4.14	details Recommended version: 1.5.25 Description: Arbitrary Code Execution vulnerability in "JaninoEventEvaluator" by QOS.CH logback in Java applications, allows attackers to execute arbitrary code... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
32	CVE-2024-29025	Maven-io.netty:netty-codec-http-4.1.104.Final	details Recommended version: 4.1.129.Final Description: Netty is an asynchronous event-driven network application framework for the rapid development of maintainable high-performance protocol servers & c... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
33	CVE-2025-31672	Maven-org.apache.poi:poi-ooxml-5.2.5	details Recommended version: 5.4.0 Description: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file for... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
34	CVE-2025-41234	Maven-org.springframework:spring-web-6.1.2	details Recommended version: 6.1.21 Description: In Spring Framework, versions 6.0.x through 6.0.28, 6.1.x through 6.1.20, 6.2.x through 6.2.7, and 7.x through 7.0.0-m5, an application is vulnerab... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
35	CVE-2025-46392	Maven-commons-configuration:commons-configuration-1.10	details Description: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration versions 1.x. There are a number of issues in Apache Commons Confi... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
36	CVE-2025-49125	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.31	details Recommended version: 10.1.47 Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using `PreResources` or `PostResources` mounted other... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
37	CVE-2025-55668	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.31	details Recommended version: 10.1.47 Description: Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects org.apache.tomcat:tomcat-catalina: versions from 8.0.0-RC1 th... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
38	CVE-2025-7962	Maven-org.eclipse.angus:jakarta.mail-2.0.2	details Recommended version: 2.0.4 Description: In Jakarta Mail through 2.0.3 it is possible to preform a SMTP Injection by utilizing the"\r" and "\n" UTF-8 characters to separate different messa... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package

More results are available on the CxOne platform

Fixed Issues (180)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~CVE-2016-1000027~~	Maven-org.springframework:spring-web-5.3.22
	~~CVE-2016-1000027~~	Maven-org.springframework:spring-webmvc-5.3.22
	~~CVE-2022-1471~~	Maven-org.yaml:snakeyaml-1.31
	~~CVE-2022-31692~~	Maven-org.springframework.security:spring-security-core-5.7.3
	~~CVE-2023-20873~~	Maven-org.springframework.boot:spring-boot-actuator-autoconfigure-2.7.3
	~~CVE-2023-34034~~	Maven-org.springframework.security:spring-security-config-5.7.3
	~~CVE-2023-34034~~	Maven-org.springframework.security:spring-security-web-5.7.3
	~~CVE-2012-0881~~	Maven-xerces:xercesImpl-2.9.1
	~~CVE-2013-4002~~	Maven-xerces:xercesImpl-2.9.1
	~~CVE-2022-31690~~	Maven-org.springframework.security:spring-security-web-5.7.3
	~~CVE-2022-40152~~	Maven-com.fasterxml.woodstox:woodstox-core-6.2.6
	~~CVE-2022-42003~~	Maven-com.fasterxml.jackson.core:jackson-databind-2.13.4
	~~CVE-2022-45688~~	Maven-org.json:json-20160810
	~~CVE-2022-45689~~	Maven-org.json:json-20160810
	~~CVE-2022-45690~~	Maven-org.json:json-20160810
	~~CVE-2023-1370~~	Maven-net.minidev:json-smart-2.4.8
	~~CVE-2023-20860~~	Maven-org.springframework:spring-webmvc-5.3.22
	~~CVE-2023-2976~~	Maven-com.google.guava:guava-30.1.1-jre
	~~CVE-2023-31582~~	Maven-org.bitbucket.b_c:jose4j-0.8.0
	~~CVE-2023-33265~~	Maven-com.hazelcast:hazelcast-5.1.3
	~~CVE-2023-34620~~	Maven-org.hjson:hjson-3.0.0
	~~CVE-2023-38286~~	Maven-org.thymeleaf:thymeleaf-3.0.15.RELEASE
	~~CVE-2023-39685~~	Maven-org.hjson:hjson-3.0.0
	~~CVE-2023-45859~~	Maven-com.hazelcast:hazelcast-5.1.3
	~~CVE-2023-45860~~	Maven-com.hazelcast:hazelcast-sql-5.1.3
	~~CVE-2023-45860~~	Maven-com.hazelcast:hazelcast-5.1.3
	~~CVE-2023-46120~~	Maven-com.rabbitmq:amqp-client-5.15.0
	~~CVE-2023-5072~~	Maven-org.json:json-20160810
	~~CVE-2023-51775~~	Maven-org.bitbucket.b_c:jose4j-0.8.0
	~~CVE-2023-52428~~	Maven-com.nimbusds:nimbus-jose-jwt-9.24.3
	~~CVE-2024-21634~~	Maven-software.amazon.ion:ion-java-1.0.2
	~~CVE-2025-52999~~	Maven-com.fasterxml.jackson.core:jackson-core-2.13.4
	~~Cx08fcacc9-cb99~~	Maven-org.json:json-20160810
	~~Cx2906ba70-607a~~	Maven-org.json:json-20160810
	~~Cx8bc13cba-30bf~~	Maven-org.bitbucket.b_c:jose4j-0.8.0
	~~Cxdb5a1032-eda2~~	Maven-org.json:json-20160810
	~~CVE-2009-2625~~	Maven-xerces:xercesImpl-2.9.1
	~~CVE-2015-9251~~	Maven-org.webjars:jquery-1.12.0
	~~CVE-2017-10355~~	Maven-xerces:xercesImpl-2.9.1
	~~CVE-2018-2799~~	Maven-xerces:xercesImpl-2.9.1
	~~CVE-2019-11358~~	Maven-org.webjars:jquery-1.12.0
	~~CVE-2020-11023~~	Maven-org.webjars:jquery-1.12.0
	~~CVE-2020-14338~~	Maven-xerces:xercesImpl-2.9.1
	~~CVE-2020-15250~~	Maven-junit:junit-4.13
	~~CVE-2021-28170~~	Maven-org.glassfish.web:el-impl-2.2
	~~CVE-2022-22976~~	Maven-org.springframework.security:spring-security-crypto-5.6.1
	~~CVE-2022-23437~~	Maven-xerces:xercesImpl-2.9.1
	~~CVE-2022-38752~~	Maven-org.yaml:snakeyaml-1.31
	~~CVE-2022-41854~~	Maven-org.yaml:snakeyaml-1.31
	~~CVE-2023-20861~~	Maven-org.springframework:spring-expression-5.3.22
	~~CVE-2023-20862~~	Maven-org.springframework.security:spring-security-web-5.7.3
	~~CVE-2023-20862~~	Maven-org.springframework.security:spring-security-config-5.7.3
	~~CVE-2023-20863~~	Maven-org.springframework:spring-expression-5.3.22
	~~CVE-2023-33264~~	Maven-com.hazelcast:hazelcast-5.1.3
	~~CVE-2023-34055~~	Maven-org.springframework.boot:spring-boot-actuator-2.7.3
	~~CVE-2023-34462~~	Maven-io.netty:netty-handler-4.1.80.Final
	~~CVE-2023-44483~~	Maven-org.apache.santuario:xmlsec-2.3.0
	~~CVE-2024-38808~~	Maven-org.springframework:spring-expression-5.3.22
	~~CVE-2024-38828~~	Maven-org.springframework:spring-webmvc-5.3.22
	~~CVE-2025-8885~~	Maven-org.bouncycastle:bcprov-jdk18on-1.71
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 175
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 85
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 85
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 85
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 85
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 175
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 175
	~~Privacy_Violation~~	/api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 175
	~~Privacy_Violation~~	/api/api-iam/iam-client-legacy/src/main/java/fr/gouv/vitamui/iam/client/CasRestClient.java: 153
	~~Privacy_Violation~~	/api/api-iam/iam-client-legacy/src/main/java/fr/gouv/vitamui/iam/client/CasRestClient.java: 153
	~~Privacy_Violation~~	/api/api-iam/iam-client-legacy/src/main/java/fr/gouv/vitamui/iam/client/CasRestClient.java: 193
	~~Privacy_Violation~~	/api/api-iam/iam-client-legacy/src/main/java/fr/gouv/vitamui/iam/client/CasRestClient.java: 153
	~~Privacy_Violation~~	/api/api-iam/iam-client-legacy/src/main/java/fr/gouv/vitamui/iam/client/CasRestClient.java: 153
	~~Privacy_Violation~~	/api/api-iam/iam-client-legacy/src/main/java/fr/gouv/vitamui/iam/client/CasRestClient.java: 153
	~~Privacy_Violation~~	/api/api-iam/iam-client-legacy/src/main/java/fr/gouv/vitamui/iam/client/CasRestClient.java: 153
	~~Privacy_Violation~~	/api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/Pac4jClientBuilder.java: 88
	~~Privacy_Violation~~	/api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/Pac4jClientBuilder.java: 106
	~~Privacy_Violation~~	/api/api-iam/iam-commons/src/main/java/fr/gouv/vitamui/iam/common/utils/Pac4jClientBuilder.java: 105
	~~CVE-2020-8908~~	Maven-com.google.guava:guava-30.1.1-jre
	~~Heap_Inspection~~	/cas/cas-server/src/main/java/fr/gouv/vitamui/cas/webflow/actions/TriggerChangePasswordAction.java: 72
	~~Heap_Inspection~~	/cas/cas-server/src/main/java/fr/gouv/vitamui/cas/webflow/actions/I18NSendPasswordResetInstructionsAction.java: 197
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 168
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 166
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 166
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 166
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 215
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 216
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 216
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 216
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 194
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 193
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 192
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 195
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 193
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 195
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 193
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 195
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 201
	~~Log_Forging~~	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/TransactionController.java: 201

More results are available on the CxOne platform

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

…low start

…assword flow

comment: * key-size: 128 fix 500 errors (https://groups.google.com/a/apereo.org/g/cas-user/c/ZF6Jgf476tU/m/lHV8NhWvAAAJ?pli=1)

Regzox added this to the IT 163 milestone Dec 19, 2025

Regzox added the VAS VAS contribution label Dec 19, 2025

Regzox self-assigned this Dec 19, 2025

Regzox marked this pull request as draft December 19, 2025 15:32

Regzox force-pushed the story_15455 branch 3 times, most recently from 913c13d to 4f8e575 Compare January 15, 2026 10:32

Regzox force-pushed the story_15455 branch 3 times, most recently from bcfaad6 to ccc364f Compare February 3, 2026 09:18

Regzox added 19 commits February 3, 2026 14:28

story #15455 feat: upgrade CAS 6 to 7

0f051ea

story #15455: setup beans and replace client

2e98e9f

story #15455: presentation dlb vendredi

a33cd8d

story #15455: debug

04b590a

story #15455: replace getUser by getUserByEmail

b835561

story #15455: undo xelians static resources

4e5b5b9

story #15455: clean code

e0f5570

story #15455 fix: user principal resolver

f8b1615

story #15455: bidouilles access token

53a70c7

story #15455: xelians resources

10fdb73

story #15455: wip to revert

61306e1

story #15455: wip update client oauth2 conf

6bdb360

story #15455: cfg, css, webflow bean

330d56f

story #15455: step: login works

be30be8

story #15455 wip: logout

b766464

story #15455: logout works

481118b

story #15455 style: enable scss compilation and update scss

d18e9c4

story #15455 config: update redirect_url for each missed oauth client

8960047

story #15455 lint: spotless apply

3d0ac18

Regzox added 4 commits February 3, 2026 14:31

story #15455 feat(passwordless-unify): move subrogation check at webf…

79b4fc4

…low start

story #15455 feat(passwordless-unify): unify passwordless and login-p…

c9f6396

…assword flow

story #15455 test: fix broken tests

994d60e

story #15455 style: fix typo

60e82c2

Regzox force-pushed the story_15455 branch from d5ea153 to 60e82c2 Compare February 3, 2026 13:31

story #15455 feat(template): setup our templates and styles

0f3f935

Regzox force-pushed the story_15455 branch from c6ebb8d to 0f3f935 Compare February 3, 2026 14:32

Regzox added 7 commits February 3, 2026 18:30

story #15455 fix(subrogation): customer id pattern

685d578

story #15455 conf: rename secret token key

c621c84

story #15455 conf(cas): update deployment application conf

b953137

story #15455 fix: secret token key

708270a

story #15455 conf(test): add hardcoded crypto settings

6d463f2

story #15455 conf: update client redirect uris

ff5d634

story #15455 conf(test): add crypto params

5672de5

comment: * key-size: 128 fix 500 errors (https://groups.google.com/a/apereo.org/g/cas-user/c/ZF6Jgf476tU/m/lHV8NhWvAAAJ?pli=1)

Regzox marked this pull request as ready for review February 5, 2026 14:34

GiooDev added the Highlight Important feature for release note label Feb 5, 2026

story #15455 fix(password-mgt): change password args permutation

cbe22de

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

story #15455 feat: upgrade CAS 6 to 7 #3439

story #15455 feat: upgrade CAS 6 to 7 #3439

Regzox commented Dec 19, 2025

Uh oh!

vitam-prg commented Dec 19, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

story #15455 feat: upgrade CAS 6 to 7 #3439

Are you sure you want to change the base?

story #15455 feat: upgrade CAS 6 to 7 #3439

Conversation

Regzox commented Dec 19, 2025

Uh oh!

vitam-prg commented Dec 19, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

vitam-prg commented Dec 19, 2025 •

edited

Loading