From e19706bd219a948a4cc7b1a3f36b27e7ae2c9236 Mon Sep 17 00:00:00 2001 From: "alexandria.gomez" Date: Wed, 8 Jul 2026 14:47:47 -0400 Subject: [PATCH 1/4] fix(security): bump jackson-databind to 2.18.8 to remediate CVE-2026-54512 and CVE-2026-54513 Co-Authored-By: Claude Sonnet 5 --- CHANGELOG.md | 6 ++++++ pom.xml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9acad9..1a96ba2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## 2.2.5 + +### Maintenance + +- Update `jackson-databind` dependency due to vulnerability + ## 2.2.4 ### Maintenance diff --git a/pom.xml b/pom.xml index 1650266..097f009 100644 --- a/pom.xml +++ b/pom.xml @@ -260,7 +260,7 @@ ${java.version} ${java.version} 2.0.0 - 2.18.2 + 2.18.8 UTF-8 From 7dd6f9c3323a9744ae92248aa159271cdb9b2158 Mon Sep 17 00:00:00 2001 From: "alexandria.gomez" Date: Wed, 8 Jul 2026 17:27:55 -0400 Subject: [PATCH 2/4] Bump project version to 2.2.5 to match CHANGELOG Co-Authored-By: Claude Sonnet 5 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 097f009..ca2f5bc 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ lf-api-client-core jar Laserfiche API Client Core - 2.2.0 + 2.2.5 https://github.com/Laserfiche/lf-api-client-core-java Java implementation of various foundational APIs for Laserfiche, including authorization APIs such as OAuth 2.0 flows for secure and easy access to Laserfiche APIs. From 17208ccf17ef86d419de96b162dc3e17899116d7 Mon Sep 17 00:00:00 2001 From: "alexandria.gomez" Date: Wed, 8 Jul 2026 19:13:40 -0400 Subject: [PATCH 3/4] ci: grant checks:write to build-n-test so publish-unit-test-result-action can post check runs Default GITHUB_TOKEN permissions are read-only, so EnricoMi/publish-unit-test-result-action was failing with 403 Resource not accessible by integration on every PR. Co-Authored-By: Claude Sonnet 5 --- .github/workflows/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b0bb688..9af7f53 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,6 +16,10 @@ jobs: build-n-test: runs-on: ubuntu-latest + permissions: + contents: read + checks: write + env: ACCESS_KEY: ${{ secrets.DEV_CA_PUBLIC_USE_INTEGRATION_TEST_ACCESS_KEY }} SERVICE_PRINCIPAL_KEY: ${{ secrets.DEV_CA_PUBLIC_USE_TESTOAUTHSERVICEPRINCIPAL_SERVICE_PRINCIPAL_KEY }} From 725c6a2e8e0f101b9c61587246c2d8da4791f2f6 Mon Sep 17 00:00:00 2001 From: "alexandria.gomez" Date: Wed, 8 Jul 2026 19:37:34 -0400 Subject: [PATCH 4/4] ci: grant pull-requests:write for publish-unit-test-result-action's PR comment checks:write alone got the check runs created, but the action's default comment_mode also posts/updates a PR comment, which needs pull-requests:write. Co-Authored-By: Claude Sonnet 5 --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9af7f53..deaef94 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,6 +19,7 @@ jobs: permissions: contents: read checks: write + pull-requests: write env: ACCESS_KEY: ${{ secrets.DEV_CA_PUBLIC_USE_INTEGRATION_TEST_ACCESS_KEY }}