Merge branch 'hotfix/1.9.3'

suppress false positive
cherry picked from 9bd5b45ea7
2026-05-15 09:11:29 +00:00 · 2023-08-07 10:26:43 +02:00 · 2023-08-07 10:25:42 +02:00 · 2023-08-07 10:19:04 +02:00 · 2023-08-07 10:14:45 +02:00 · 2023-08-07 10:04:08 +02:00
6 changed files with 29 additions and 6 deletions
--- a/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
+++ b/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
@@ -66,6 +66,8 @@
 	</content_rating>

 	<releases>
+		<release date="2023-08-07" version="1.9.3"/>
+		<release date="2023-07-24" version="1.9.2"/>
 		<release date="2023-06-07" version="1.9.1"/>
 		<release date="2023-05-30" version="1.9.0"/>
 		<release date="2023-04-25" version="1.8.0"/>
--- a/dist/win/contrib/patchWebDAV.bat
+++ b/dist/win/contrib/patchWebDAV.bat
@@ -3,5 +3,5 @@
 ::REPLACE ME

 cd %~dp0
-powershell -NoLogo -NonInteractive -ExecutionPolicy Unrestricted -Command .\patchWebDAV.ps1^
+powershell -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command .\patchWebDAV.ps1^
 -LoopbackAlias %LOOPBACK_ALIAS%
--- a/dist/win/contrib/version170-migrate-settings.bat
+++ b/dist/win/contrib/version170-migrate-settings.bat
@@ -2,4 +2,4 @@
 :: see comments in file ./version170-migrate-settings.ps1

 cd %~dp0
-powershell -NoLogo -NonInteractive -ExecutionPolicy Unrestricted -Command .\version170-migrate-settings.ps1
+powershell -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command .\version170-migrate-settings.ps1
--- a/dist/win/resources/main.wxs
+++ b/dist/win/resources/main.wxs
@@ -132,11 +132,17 @@
      <CustomAction Id="JpSetARPURLUPDATEINFO" Property="ARPURLUPDATEINFO" Value="$(var.JpUpdateURL)" />
    <?endif?>

+    <Property Id="WixQuietExec64CmdTimeout" Value="20" />
+    <!-- Note for custom actions: Immediate CAs run BEFORE the files are installed, hence if you depend on installed files, the CAs must be deferred.-->
    <!-- WebDAV patches -->
-    <CustomAction Id="PatchWebDAV" Impersonate="no" ExeCommand="[INSTALLDIR]patchWebDAV.bat" Directory="INSTALLDIR" Execute="deferred" Return="asyncWait" />
+    <SetProperty Id="PatchWebDAV" Value="&quot;[INSTALLDIR]patchWebDAV.bat&quot;"
+            Sequence="execute" Before="PatchWebDAV" />
+    <CustomAction Id="PatchWebDAV" BinaryKey="WixCA" DllEntry="WixQuietExec64" Execute="deferred" Return="ignore" Impersonate="no"/>

    <!-- Special Settings migration for 1.7.0,. Should be removed eventually, for more info, see ../contrib/version170-migrate-settings.ps1-->
-    <CustomAction Id="V170MigrateSettings" Impersonate="no" ExeCommand="[INSTALLDIR]version170-migrate-settings.bat" Directory="INSTALLDIR" Execute="deferred" Return="asyncWait" />
+    <SetProperty Id="V170MigrateSettings" Value="&quot;[INSTALLDIR]version170-migrate-settings.bat&quot;"
+            Sequence="execute" Before="V170MigrateSettings" />
+    <CustomAction Id="V170MigrateSettings" BinaryKey="WixCA" DllEntry="WixQuietExec64" Execute="deferred" Return="ignore" Impersonate="no"/>

    <!-- Running App detection and exit -->
    <Property Id="FOUNDRUNNINGAPP" Admin="yes"/>
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptomator</artifactId>
-	<version>1.9.1</version>
+	<version>1.9.3</version>
 	<name>Cryptomator Desktop App</name>

 	<organization>
--- a/suppression.xml
+++ b/suppression.xml
@@ -55,4 +55,19 @@
 		<cve>CVE-2022-45688</cve>
 	</suppress>

-</suppressions>
+	<suppress>
+		<notes><![CDATA[
+   		Cryptomator not affected of cve in jackson-databind-2.14.2.jar
+   ]]></notes>
+		<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+		<cve>CVE-2023-35116</cve>
+	</suppress>
+
+	<suppress>
+		<notes><![CDATA[
+		False positive for jackrabbit-webdav-2.21.15.jar. This component is not affected, see https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw
+   ]]></notes>
+		<packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/jackrabbit\-webdav@.*$</packageUrl>
+		<cve>CVE-2023-37895</cve>
+	</suppress>
+</suppressions>
Author	SHA1	Message	Date
Armin Schrenk	34c0f1d13e	Merge branch 'hotfix/1.9.3'	2023-08-07 10:26:43 +02:00
Armin Schrenk	da21c7fa80	suppress false positive cherry picked from `9bd5b45ea7`	2023-08-07 10:25:42 +02:00
Armin Schrenk	9ae9473b95	finalize 1.9.3	2023-08-07 10:19:04 +02:00
Tobias Hagemann	727c32ad50	Merge pull request from GHSA-62gx-54j7-mjh3 Add -NoProfile option to powershell scripts run during windows installer	2023-08-07 10:14:45 +02:00
Armin Schrenk	d939e91661	prepare 1.9.3	2023-08-07 10:04:08 +02:00
Armin Schrenk	151f2babd8	Add NoProfile option to powershell scripts run during windows instaler Closes #GHSA-62gx-54j7-mjh3	2023-08-07 10:02:39 +02:00
Armin Schrenk	9ca1ff1a2d	Merge branch 'hotfix/1.9.2'	2023-07-24 16:35:33 +02:00
Armin Schrenk	164a350e7e	finalize 1.9.2	2023-07-24 16:34:49 +02:00
Tobias Hagemann	b48ebd524b	Merge pull request from GHSA-9c9p-c3mg-hpjq Fix LPE in win installer	2023-07-24 16:23:23 +02:00
Armin Schrenk	7ba9d4de4f	Merge branch 'hotfix/1.9.2' into feature/fix-lpe-win-installer	2023-07-24 16:21:54 +02:00
Armin Schrenk	807e718d13	supress non affecting cve (cherry picked from commit `4e3b2e0be0`)	2023-07-24 15:38:42 +02:00
Armin Schrenk	8ed1878035	prepare 1.9.2	2023-07-21 17:07:33 +02:00
Armin Schrenk	4e3b2e0be0	supress non affecting cve	2023-07-21 16:50:27 +02:00
Armin Schrenk	c2819963d2	Replace custom actions executing bat files to by quiet exec custom actions to surpress shown command prompts Closes #GHSA-9c9p-c3mg-hpjq (cherry picked from commit fb1ba6390dfcb7028be0eb051b893b744c0444dc)	2023-07-21 16:05:21 +02:00