Skip to content

Fix CVE-2026-31802 by updating tar to patched versions#345

Merged
rgrunber merged 1 commit intoeclipse-che:mainfrom
sbouchet:CVE-2026-31802
Mar 23, 2026
Merged

Fix CVE-2026-31802 by updating tar to patched versions#345
rgrunber merged 1 commit intoeclipse-che:mainfrom
sbouchet:CVE-2026-31802

Conversation

@sbouchet
Copy link
Contributor

@sbouchet sbouchet commented Mar 20, 2026
edited
Loading

This PR fixes GHSA-9ppj-qmqm-q256: Symlink Path Traversal via Drive-Relative Linkpath

tar version is updated to 7.5.11

fixes https://redhat.atlassian.net/browse/CRW-10348

@sbouchet
Fix CVE-2026-31802 by updating tar to patched versions
b9261f0 
This PR fixes GHSA-9ppj-qmqm-q256: Symlink Path Traversal via
Drive-Relative Linkpath

tar version is updated to 7.5.11

fixes https://redhat.atlassian.net/browse/CRW-10348

Signed-off-by: Stephane Bouchet <sbouchet@redhat.com>
@sbouchet sbouchet requested review from azatsarynnyy, rgrunber and vrubezhny and removed request for amisevsk, azatsarynnyy and l0rd March 20, 2026 09:42
rgrunber
rgrunber approved these changes Mar 23, 2026
View reviewed changes
Copy link

@rgrunber rgrunber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Continues to build as usual.

@rgrunber rgrunber merged commit 9861015 into eclipse-che:main Mar 23, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rgrunber rgrunber rgrunber approved these changes

@vrubezhny vrubezhny Awaiting requested review from vrubezhny

@azatsarynnyy azatsarynnyy Awaiting requested review from azatsarynnyy azatsarynnyy is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sbouchet @rgrunber