Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

Patch

org.springframework.ws:spring-ws-core 3.0.4.RELEASE

Back to all
Package Version

org.springframework.ws:spring-ws-core 3.0.4.RELEASE

Github Repository

Package Version Scores

Overall
0
/10
Security
8
Activity
6
Popularity
8
Quality
4
All Factors
Security
Activity
Popularity
Code Quality
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.

Endor Patches

Patch Name
CVEs fixed
Lines of Code Changed
670eb3acf3892fad151a0775
CVEs Fixed
C
1
H
0
+720
-149

Vulnerabilities Fixed

Cve Name
CVE ID
Severity
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml
CVE-2019-3773
Critical

Get the Patch Instantly Without Upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

References

Basic Information

Ecosystem
Release Date
LINES OF CODE CHANGED
+720
-149
-
on latest patch
License
Patch Available

Get the Patch Instantly

Secure your app without upgrading.
Fix Without Upgrading
{
"items": [
{
"title": "Most Commits are Verified",
"description": "A large fraction of the commits in this repository are verified; this shows that security best practices are followed",
"category": "code quality",
"type": "upscore"
},
{
"title": "Issues with Labels",
"description": "Attaching labels to issues allows for better tracking of issue activity in the project",
"category": "code quality",
"type": "upscore"
},
{
"title": "No Merged Pull Requests",
"description": "Lack of merged pull requests indicates that the project may not be maintained",
"category": "activity",
"type": "downscore"
},
{
"title": "High Ratio of Rejected Pull Requests",
"description": "A high ratio of rejected pull requests indicates that the project may not be actively developed",
"category": "activity",
"type": "downscore"
},
{
"title": "Pull Requests Have Labels",
"description": "Attaching labels to pull requests helps organize the development activity in the project",
"category": "code quality",
"type": "upscore"
},
{
"title": "Pull Requests from Bots",
"description": "Pull requests from bot accounts indicate that the project is using automation for development tasks",
"category": "code quality",
"type": "upscore"
},
{
"title": "Pull Requests From Dependency Management Bots",
"description": "Pull requests from dependency management bot accounts indicate that the project is using automation to keep its dependencies up to date",
"category": "code quality",
"type": "upscore"
},
{
"title": "Limited Activity From Corporate Accounts",
"description": "Lack of activity from corporate affiliated accounts indicates that the project may not have reliable backing and support",
"category": "activity",
"type": "downscore"
},
{
"title": "Activity from Reputable Accounts",
"description": "High activity from reputable accounts is an indication that the repository is well maintained. An account is considered reputable if it participates in multiple open source projects and has a high rating in GitHub",
"category": "activity",
"type": "upscore"
},
{
"title": "First Major Release Milestone Achieved",
"description": "The repository has reached 1.0 release status, this is a sign of maturity",
"category": "code quality",
"type": "upscore"
},
{
"title": "Older Releases are Maintained",
"description": "The repository keeps releasing updates to earlier release trains, this is a sign of a commitment to maintaining and supporting the users of the project",
"category": "activity",
"type": "upscore"
},
{
"title": "Frequent Releases",
"description": "The repository has frequent releases, this is a sign of a commitment to maintaining and supporting the codebase",
"category": "activity",
"type": "upscore"
},
{
"title": "Recent Release Activity",
"description": "The repository has some very recent releases and this shows that it is actively maintained",
"category": "activity",
"type": "upscore"
},
{
"title": "Releases do not Follow SemVer",
"description": "The repository has releases that do not follow the SemVer standard, this goes against best practices",
"category": "code quality",
"type": "downscore"
},
{
"title": "Organization Repository",
"description": "When a repository belongs to an organization there is a lower risk of it getting abandoned in the future",
"category": "activity",
"type": "upscore"
},
{
"title": "Outdated Release",
"description": "This release is old and has been superseded by multiple newer releases, it should not be used",
"category": "code quality",
"type": "downscore"
},
{
"title": "No Known Vulnerabilities for this Version",
"description": "No vulnerabilities discovered in this version of the repository indicates that this is a version that is safe to use. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "upscore"
},
{
"title": "Has Stars",
"description": "Having some stars indicates interest in the project. ",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Forks",
"description": "Many forks show an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Subscribers",
"description": "A very large number of subscribers indicates an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "No Automated Build System",
"description": "Reproducible builds using makefiles or CI systems allow verification that no modifications, such as vulnerabilities or backdoors, have been introduced during a package's build process",
"category": "code quality",
"type": "downscore"
},
{
"title": "Repository Contains Binary Files",
"description": "When a repository contains binary files it is harder to analyze and assess its functionality and risks",
"category": "code quality",
"type": "downscore"
},
{
"title": "High Ratio of Test Code",
"description": "High quality projects should use tests",
"category": "code quality",
"type": "upscore"
},
{
"title": "No Best Practices Files",
"description": "The repository does not have any of the files that typically explain basic operational aspects of the project, this may be an indication that the project is not well maintained",
"category": "code quality",
"type": "downscore"
}
]
}