
@dependabot-preview

Bumps resteasy.version from 4.4.2.Final to 4.7.1.Final.
Updates resteasy-bom from 4.4.2.Final to 4.7.1.Final. This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Cross-Site Scripting

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling `@javax.ws.rs.PathParam` without any `@Produces` MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.

Affected versions: <= 4.6.0.Final

Sourced from The GitHub Security Advisory Database.

Cross-site scripting in RESTEasy

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

Affected versions: >= 4.0.0, <= 4.5.2.Final


Updates resteasy-core from 4.4.2.Final to 4.7.1.Final. This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Cross-Site Scripting

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling `@javax.ws.rs.PathParam` without any `@Produces` MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.

Affected versions: <= 4.6.0.Final

Sourced from The GitHub Security Advisory Database.

Cross-site scripting in RESTEasy

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

Affected versions: >= 4.0.0, <= 4.5.2.Final

Sourced from The GitHub Security Advisory Database.

Exposure of class information in RESTEasy

A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

Affected versions: >= 4.0.0, < 4.5.10

Release notes

Sourced from resteasy-core's releases.

4.7.1.Final

RESTEasy 4.7.1.Final

RESTEasy 4.7.0.Final

Release Notes

... (truncated)

Commits
  • 16dcc09 Prepare for 4.7.1.Final release
  • b213ee0 Merge pull request #2875 from jamezp/RESTEASY-2966-4.7
  • 3611db8 [RESTEASY-2966] Add missing dependencies to the BOM.
  • dbb1446 Merge pull request #2871 from jamezp/backports
  • d8b6349 Merge pull request #2872 from jamezp/deploy-test-api-artifacts-4.7
  • a58926f Do not skip deploying any artifacts.
  • 4fa5263 [RESTEASY-2837] Set testable deployment parameter for weld deployments
  • ef6c564 [RESTEASY-2837] Parametrize resteasy-client-microprofile
  • cc730f3 [RESTEASY-2837] Update ClientWebApplicationException tests to work on servers...
  • bfe23fb Next is 4.7.1
  • Additional commits viewable in compare view

Updates resteasy-core-spi from 4.4.2.Final to 4.7.1.Final

Updates resteasy-client-microprofile from 4.4.2.Final to 4.7.1.Final. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Generation of Error Message Containing Sensitive Information in RESTEasy client

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

Affected versions: <= 4.5.6.Final

Updates resteasy-json-binding-provider from 4.4.2.Final to 4.7.1.Final

Updates resteasy-jaxb-provider from 4.4.2.Final to 4.7.1.Final

Updates resteasy-jackson2-provider from 4.4.2.Final to 4.7.1.Final

Updates resteasy-rxjava2 from 4.4.2.Final to 4.7.1.Final

Updates resteasy-context-propagation from 4.4.2.Final to 4.7.1.Final

Updates resteasy-spring-web from 4.4.2.Final to 4.7.1.Final

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Bumps `resteasy.version` from 4.4.2.Final to 4.7.1.Final.

Updates `resteasy-bom` from 4.4.2.Final to 4.7.1.Final

Updates `resteasy-core` from 4.4.2.Final to 4.7.1.Final
- [Release notes](https://github.com/resteasy/Resteasy/releases)
- [Commits](resteasy/resteasy@4.4.2.Final...4.7.1.Final)

Updates `resteasy-core-spi` from 4.4.2.Final to 4.7.1.Final
- [Release notes](https://github.com/resteasy/Resteasy/releases)
- [Commits](resteasy/resteasy@4.4.2.Final...4.7.1.Final)

Updates `resteasy-client-microprofile` from 4.4.2.Final to 4.7.1.Final
- [Release notes](https://github.com/resteasy/Resteasy/releases)
- [Commits](resteasy/resteasy@4.4.2.Final...4.7.1.Final)

Updates `resteasy-json-binding-provider` from 4.4.2.Final to 4.7.1.Final

Updates `resteasy-jaxb-provider` from 4.4.2.Final to 4.7.1.Final

Updates `resteasy-jackson2-provider` from 4.4.2.Final to 4.7.1.Final

Updates `resteasy-rxjava2` from 4.4.2.Final to 4.7.1.Final
- [Release notes](https://github.com/resteasy/Resteasy/releases)
- [Commits](resteasy/resteasy@4.4.2.Final...4.7.1.Final)

Updates `resteasy-context-propagation` from 4.4.2.Final to 4.7.1.Final

Updates `resteasy-spring-web` from 4.4.2.Final to 4.7.1.Final
- [Release notes](https://github.com/resteasy/Resteasy/releases)
- [Commits](resteasy/resteasy@4.4.2.Final...4.7.1.Final)

Signed-off-by: dependabot-preview[bot] <[email protected]>

@dependabot-preview bot added the `security` label (Pull requests that address a security vulnerability) on Jul 26, 2021

@dependabot-preview

The following labels could not be found: area/dependencies.
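
As an added example (not part of the Dependabot output or the RESTEasy project), this Python sketch evaluates the "Affected versions" ranges quoted in the advisories above against the old and new `resteasy.version`. It assumes plain numeric versions with an optional `.Final` qualifier and rejects anything else rather than guessing Maven's qualifier ordering; advisories are keyed by title and merged across artifacts.

```python
import operator
import re

# "Affected versions" ranges copied from the advisories quoted in this PR.
ADVISORIES = {
    "Cross-Site Scripting": "<= 4.6.0.Final",
    "Cross-site scripting in RESTEasy": ">= 4.0.0, <= 4.5.2.Final",
    "Exposure of class information in RESTEasy": ">= 4.0.0, < 4.5.10",
    "Generation of Error Message Containing Sensitive Information "
    "in RESTEasy client": "<= 4.5.6.Final",
}

OPS = {"<=": operator.le, ">=": operator.ge, "<": operator.lt,
       ">": operator.gt, "=": operator.eq}


def parse_version(text):
    """Return a numeric tuple; '.Final' is dropped (assumed simplification).

    Other qualifiers (Beta1, CR1, SP1 ...) raise ValueError, because their
    ordering relative to '.Final' is not modelled here.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:\.Final)?", text.strip())
    if not m:
        raise ValueError(f"unsupported version format: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def in_range(version, spec):
    """True if version satisfies every comma-separated clause of spec."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|<|>|=)\s*(\S+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported range clause: {clause!r}")
        if not OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True


def matching_advisories(version):
    """Titles of the advisories whose affected range contains version."""
    return [t for t, spec in ADVISORIES.items() if in_range(version, spec)]


if __name__ == "__main__":
    for candidate in ("4.4.2.Final", "4.5.9.Final", "4.7.1.Final"):
        print(candidate, "->", matching_advisories(candidate) or "no match")
```

Versions are compared as integer tuples, so 4.5.9 correctly sorts below 4.5.10, which a plain string comparison would get wrong.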
