From 5da928d35cf15cd4f872011d518cd05bef7fcec5 Mon Sep 17 00:00:00 2001 From: Jochen Haeussler Date: Fri, 29 Nov 2024 11:59:37 +0100 Subject: [PATCH 1/2] chore: update graphhopper to v4.9.5 with fix for CVE-2024-7254 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bad3ed8504..b7a654b88b 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ yyyy-MM-dd'T'HH:mm:ss'Z' - v4.9.4 + v4.9.5 1.18.34 2.0.13 From db990bb9e9648d2f17395931ad11707f6d09db7e Mon Sep 17 00:00:00 2001 From: Jochen Haeussler Date: Fri, 29 Nov 2024 12:11:26 +0100 Subject: [PATCH 2/2] chore: update changelog --- CHANGELOG.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 410deb3f87..61f1d9b0f8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -58,7 +58,13 @@ RELEASING: ### Fixed - do not enforce a time-dependent routing algorithm unless the weighting requires it ([#1865](https://github.com/GIScience/openrouteservice/pull/1865)) - failing queries that combined departure/arrival parameters with avoid polygons ([#1871](https://github.com/GIScience/openrouteservice/pull/1871)) -- matrix limit ignored for explicit 'all' value in sources or destinations([#1875](https://github.com/GIScience/openrouteservice/pull/1875)) +- matrix limit ignored for explicit 'all' value in sources or + destinations ([#1875](https://github.com/GIScience/openrouteservice/pull/1875)) + +### Security + +- updated graphhopper dependency with fix for + CVE-2024-7254 ([#1918](https://github.com/GIScience/openrouteservice/pull/1918)) ## [8.2.0] - 2024-10-09 ### Added