Story #15307: update swagger api version by bbenaissa · Pull Request #3724 · ProgrammeVitam/vitam-ui

bbenaissa · 2026-05-06T12:07:34Z

Description

Update internal version declared on Swagger API

Contributeur

VAS (Vitam Accessible en Service)

vitam-prg · 2026-05-06T12:14:00Z

Checkmarx One – Scan Summary & Details – cb28bfe2-7422-46cc-85b6-c7bfa17638b1

New Issues (13)

Checkmarx found the following issues in this Pull Request

#	Issue	Source File / Package	Checkmarx Insight
1	CVE-2026-33750	Npm-brace-expansion-2.0.2	details Recommended version: 2.0.3 Description: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. In versions prior to 1.1.13, 2.0.0 prior to 2.0.3, 3... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
2	CVE-2026-33750	Npm-brace-expansion-1.1.12	details Recommended version: 1.1.13 Description: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. In versions prior to 1.1.13, 2.0.0 prior to 2.0.3, 3... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
3	CVE-2026-33750	Npm-brace-expansion-5.0.4	details Recommended version: 5.0.5 Description: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. In versions prior to 1.1.13, 2.0.0 prior to 2.0.3, 3... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4	CVE-2026-41907	Npm-uuid-11.1.0	details Recommended version: 11.1.1 Description: uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. 11.0.0 prior to 11.1.1, 12.0.0 prior to 12.0.1, 13.0.0 prior to 13.0.1, v3, v5, and v... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
5	CVE-2026-40895	Npm-follow-redirects-1.15.11	details Recommended version: 1.16.0 Description: follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to versio... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
6	Parameter_Tampering	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 239	details Method getUser at line 239 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java gets user input from element embe... Attack Vector
7	Parameter_Tampering	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 301	details Method logout at line 301 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java gets user input from element authT... Attack Vector
8	Parameter_Tampering	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CustomerController.java: 199	details Method create at line 199 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CustomerController.java gets user input from element ... Attack Vector
9	Parameter_Tampering	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 221	details Method getUsersByEmail at line 221 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java gets user input from elem... Attack Vector
10	Parameter_Tampering	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CustomerController.java: 199	details Method create at line 199 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CustomerController.java gets user input from element ... Attack Vector
11	Parameter_Tampering	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CustomerController.java: 199	details Method create at line 199 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CustomerController.java gets user input from element ... Attack Vector
12	Parameter_Tampering	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 301	details Method logout at line 301 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java gets user input from element authT... Attack Vector
13	Parameter_Tampering	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/TenantController.java: 130	details Method create at line 130 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/TenantController.java gets user input from element dt... Attack Vector

Fixed Issues (265)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~CVE-2019-17571~~	Maven-log4j:log4j-1.2.17
	~~CVE-2022-23305~~	Maven-log4j:log4j-1.2.17
	~~CVE-2022-28890~~	Maven-org.apache.jena:jena-core-2.11.2
	~~CVE-2024-38821~~	Maven-org.springframework.security:spring-security-web-6.2.1
	~~CVE-2025-14813~~	Maven-org.bouncycastle:bcprov-jdk18on-1.77
	~~CVE-2025-41243~~	Maven-org.springframework.cloud:spring-cloud-gateway-server-4.3.0
	~~CVE-2026-22732~~	Maven-org.springframework.security:spring-security-web-6.5.8
	~~CVE-2026-22732~~	Maven-org.springframework.security:spring-security-web-6.2.1
	~~CVE-2017-9096~~	Maven-com.lowagie:itext-2.1.7
	~~CVE-2021-39239~~	Maven-org.apache.jena:jena-core-2.11.2
	~~CVE-2021-4104~~	Maven-log4j:log4j-1.2.17
	~~CVE-2022-23302~~	Maven-log4j:log4j-1.2.17
	~~CVE-2022-23307~~	Maven-log4j:log4j-1.2.17
	~~CVE-2023-26464~~	Maven-log4j:log4j-1.2.17
	~~CVE-2024-22233~~	Maven-org.springframework:spring-core-6.1.2
	~~CVE-2024-22234~~	Maven-org.springframework.security:spring-security-core-6.2.1
	~~CVE-2024-22234~~	Maven-org.springframework.security:spring-security-web-6.2.1
	~~CVE-2024-22234~~	Maven-org.springframework.security:spring-security-cas-6.2.1
	~~CVE-2024-22243~~	Maven-org.springframework:spring-web-6.1.2
	~~CVE-2024-22257~~	Maven-org.springframework.security:spring-security-core-6.2.1
	~~CVE-2024-22259~~	Maven-org.springframework:spring-web-6.1.2
	~~CVE-2024-22262~~	Maven-org.springframework:spring-web-6.1.2
	~~CVE-2024-29371~~	Maven-org.bitbucket.b_c:jose4j-0.9.4
	~~CVE-2024-38816~~	Maven-org.springframework:spring-webmvc-6.1.2
	~~CVE-2024-38819~~	Maven-org.springframework:spring-webmvc-6.1.2
	~~CVE-2024-57699~~	Maven-net.minidev:json-smart-2.5.0
	~~CVE-2025-22228~~	Maven-org.springframework.security:spring-security-crypto-6.2.1
	~~CVE-2025-22235~~	Maven-org.springframework.boot:spring-boot-actuator-autoconfigure-3.2.1
	~~CVE-2025-24970~~	Maven-io.netty:netty-handler-4.1.104.Final
	~~CVE-2025-41249~~	Maven-org.springframework:spring-core-6.1.2
	~~CVE-2025-41253~~	Maven-org.springframework.cloud:spring-cloud-gateway-server-4.3.0
	~~CVE-2025-48734~~	Maven-commons-beanutils:commons-beanutils-1.9.4
	~~CVE-2025-55163~~	Maven-io.netty:netty-codec-http2-4.1.104.Final
	~~CVE-2026-22731~~	Maven-org.springframework.boot:spring-boot-starter-actuator-3.5.11
	~~CVE-2026-22733~~	Maven-org.springframework.boot:spring-boot-starter-actuator-3.5.11
	~~CVE-2026-24400~~	Maven-org.assertj:assertj-core-3.24.2
	~~CVE-2026-27727~~	Maven-com.mchange:mchange-commons-java-0.2.15
	~~CVE-2026-33870~~	Maven-io.netty:netty-codec-http-4.1.104.Final
	~~CVE-2026-33870~~	Maven-io.netty:netty-codec-http-4.1.131.Final
	~~CVE-2026-33871~~	Maven-io.netty:netty-codec-http2-4.1.131.Final
	~~CVE-2026-33871~~	Maven-io.netty:netty-codec-http2-4.1.104.Final
	~~CVE-2026-5598~~	Maven-org.bouncycastle:bcprov-jdk18on-1.77
	~~Cx78f40514-81ff~~	Maven-commons-collections:commons-collections-3.2.2
	~~Cxfa47c4e4-5ef9~~	Maven-com.fasterxml.jackson.core:jackson-core-2.16.1
	~~CVE-2023-33201~~	Maven-org.bouncycastle:bcprov-jdk15on-1.70
	~~CVE-2023-33202~~	Maven-org.bouncycastle:bcprov-jdk15on-1.70
	~~CVE-2024-12798~~	Maven-ch.qos.logback:logback-core-1.4.14
	~~CVE-2024-12798~~	Maven-ch.qos.logback:logback-classic-1.4.14
	~~CVE-2024-29025~~	Maven-io.netty:netty-codec-http-4.1.104.Final
	~~CVE-2024-29857~~	Maven-org.bouncycastle:bcprov-jdk18on-1.77
	~~CVE-2024-29857~~	Maven-org.bouncycastle:bcprov-jdk15on-1.70
	~~CVE-2024-30171~~	Maven-org.bouncycastle:bcprov-jdk15on-1.70
	~~CVE-2024-30171~~	Maven-org.bouncycastle:bcprov-jdk18on-1.77
	~~CVE-2024-30172~~	Maven-org.bouncycastle:bcpkix-jdk18on-1.77
	~~CVE-2024-30172~~	Maven-org.bouncycastle:bcprov-jdk15on-1.70
	~~CVE-2024-30172~~	Maven-org.bouncycastle:bcprov-jdk18on-1.77
	~~CVE-2024-38809~~	Maven-org.springframework:spring-web-6.1.2
	~~CVE-2024-38827~~	Maven-org.springframework.security:spring-security-web-6.2.1
	~~CVE-2024-38827~~	Maven-org.springframework.security:spring-security-cas-6.2.1
	~~CVE-2024-38827~~	Maven-org.springframework.security:spring-security-crypto-6.2.1
	~~CVE-2024-38827~~	Maven-org.springframework.security:spring-security-core-6.2.1
	~~CVE-2024-38827~~	Maven-org.springframework.security:spring-security-config-6.2.1
	~~CVE-2024-47535~~	Maven-io.netty:netty-common-4.1.104.Final
	~~CVE-2025-11226~~	Maven-ch.qos.logback:logback-core-1.4.14
	~~CVE-2025-41234~~	Maven-org.springframework:spring-web-6.1.2
	~~CVE-2025-41242~~	Maven-org.springframework:spring-webmvc-6.1.2
	~~CVE-2025-46392~~	Maven-commons-configuration:commons-configuration-1.10
	~~CVE-2025-48924~~	Maven-commons-lang:commons-lang-2.6
	~~CVE-2025-48924~~	Maven-org.apache.commons:commons-lang3-3.14.0
	~~CVE-2025-53864~~	Maven-com.nimbusds:nimbus-jose-jwt-9.37.3
	~~CVE-2025-58057~~	Maven-io.netty:netty-codec-http2-4.1.104.Final
	~~CVE-2025-58057~~	Maven-io.netty:netty-codec-http-4.1.104.Final
	~~CVE-2025-58057~~	Maven-io.netty:netty-codec-4.1.104.Final
	~~CVE-2025-67735~~	Maven-io.netty:netty-codec-http-4.1.104.Final
	~~CVE-2025-7962~~	Maven-org.eclipse.angus:jakarta.mail-2.0.2
	~~CVE-2025-8885~~	Maven-org.bouncycastle:bcprov-jdk18on-1.77
	~~CVE-2025-8916~~	Maven-org.bouncycastle:bcprov-jdk18on-1.77
	~~CVE-2025-8916~~	Maven-org.bouncycastle:bcpkix-jdk18on-1.77
	~~Parameter_Tampering~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CustomerController.java: 199
	~~Privacy_Violation~~	api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 85
	~~Privacy_Violation~~	api/api-iam/iam-security/src/main/java/fr/gouv/vitamui/iam/security/service/SecurityService.java: 175
	~~CVE-2024-12801~~	Maven-ch.qos.logback:logback-core-1.4.14
	~~CVE-2024-38820~~	Maven-org.springframework:spring-context-6.1.2
	~~CVE-2024-38820~~	Maven-org.springframework:spring-context-support-6.1.2
	~~CVE-2024-38820~~	Maven-org.springframework:spring-beans-6.1.2
	~~CVE-2024-38820~~	Maven-org.springframework:spring-test-6.1.2
	~~CVE-2024-38820~~	Maven-org.springframework:spring-jms-6.1.2
	~~CVE-2024-38820~~	Maven-org.springframework:spring-jdbc-6.1.2
	~~CVE-2024-38820~~	Maven-org.springframework:spring-webmvc-6.1.2
	~~CVE-2024-38820~~	Maven-org.springframework:spring-web-6.1.2
	~~CVE-2024-38820~~	Maven-org.springframework:spring-expression-6.1.2
	~~CVE-2024-38820~~	Maven-org.springframework:spring-core-6.1.2
	~~CVE-2025-22233~~	Maven-org.springframework:spring-context-6.1.2
	~~CVE-2025-58056~~	Maven-io.netty:netty-codec-http-4.1.104.Final
	~~CVE-2026-1225~~	Maven-ch.qos.logback:logback-classic-1.4.14
	~~CVE-2026-1225~~	Maven-ch.qos.logback:logback-core-1.4.14
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/GroupController.java: 195
	~~Log_Forging~~	api/api-archive-search/archive-search/src/main/java/fr/gouv/vitamui/archives/search/server/rest/ArchivesSearchController.java: 309
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 235
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 238
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 239
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 236
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 237
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 235
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 303
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 302
	~~Log_Forging~~	api/api-archive-search/archive-search/src/main/java/fr/gouv/vitamui/archives/search/server/rest/ArchivesSearchController.java: 309
	~~Log_Forging~~	api/api-archive-search/archive-search/src/main/java/fr/gouv/vitamui/archives/search/server/rest/ArchivesSearchController.java: 309
	~~Log_Forging~~	api/api-archive-search/archive-search/src/main/java/fr/gouv/vitamui/archives/search/server/rest/ArchivesSearchController.java: 309
	~~Log_Forging~~	api/api-archive-search/archive-search/src/main/java/fr/gouv/vitamui/archives/search/server/rest/ArchivesSearchController.java: 309
	~~Log_Forging~~	api/api-archive-search/archive-search/src/main/java/fr/gouv/vitamui/archives/search/server/rest/ArchivesSearchController.java: 309
	~~Log_Forging~~	api/api-archive-search/archive-search/src/main/java/fr/gouv/vitamui/archives/search/server/rest/ArchivesSearchController.java: 309
	~~Log_Forging~~	api/api-archive-search/archive-search/src/main/java/fr/gouv/vitamui/archives/search/server/rest/ArchivesSearchController.java: 309
	~~Log_Forging~~	cas/cas-server/src/main/java/fr/gouv/vitamui/cas/authentication/LoginPwdAuthenticationHandler.java: 195
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CustomerController.java: 199
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CustomerController.java: 210
	~~Log_Forging~~	api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/rest/CasController.java: 266

More results are available on the CxOne platform

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

GiooDev · 2026-05-12T08:23:01Z

 servers:
-    - url: https://dev.vitamui.com:8083
-      description: Generated server url
+    -   url: https://dev.vitamui.com:8083


Bizarre le formatage du yaml, habituellement on met pas 3 espaces après un -

bbenaissa added this to the IT 169 milestone May 6, 2026

bbenaissa self-assigned this May 6, 2026

bbenaissa added bug Something isn't working small pr embarquant peu de changements et à review rapide, ne nécessitant qu'un reviewer labels May 6, 2026

bbenaissa marked this pull request as ready for review May 6, 2026 12:07

Story #15307: update swagger api version

0997f88

bbenaissa force-pushed the story_15307_update_swagger_api_version branch from f574ff3 to 0997f88 Compare May 6, 2026 12:08

bbenaissa changed the title ~~Story_15307: update swagger api version~~ Story #15307: update swagger api version May 6, 2026

GiooDev requested changes May 12, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Story #15307: update swagger api version#3724

Story #15307: update swagger api version#3724
bbenaissa wants to merge 1 commit into
developfrom
story_15307_update_swagger_api_version

bbenaissa commented May 6, 2026

Uh oh!

vitam-prg commented May 6, 2026 •

edited

Loading

Uh oh!

GiooDev May 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

bbenaissa commented May 6, 2026

Description

Contributeur

Uh oh!

vitam-prg commented May 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

GiooDev May 12, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

vitam-prg commented May 6, 2026 •

edited

Loading