A deep dive into how attackers exploit overlooked weaknesses in CI/CD pipelines and software supply chains, and how .NET and ...
Since v1.52.0, opentelemetry-exporter-sender-okhttp and opentelemetry-sdk-extension-jaeger-remote-sampler started to depend on okhttp 5.x. If my application still needs to depend on okhttp 4.x, I will ...
When an open-source component reaches end of life (EOL), the risks extend far beyond that single package. Most components rely on third-party libraries, creating chains of transitive dependencies.
Abstract: The modern software development landscape heavily relies on transitive dependencies. They enable seamless integration of third-party libraries. However, they also introduce security ...
Abstract: This study investigates vulnerabilities within the Maven ecosystem by analyzing a comprehensive dataset of 14,459,139 releases. Our analysis reveals the most critical weaknesses that pose ...
Everyone knows and loves the first three normal forms. We go through the process of normalization to remove redundancies in our data structures. But the redundancies we remove have nothing to do with ...
In order for a shaded jar to be a drop-in replacement, promoteTransitiveDependencies should be true. This has an annoying side-effect of flattening the dependency tree. For example, suppose you have a ...