Skip to content

Allow access to /v2/users/current without redirect to SSO#4543

Merged
thescouser89 merged 1 commit into
project-ncl:masterfrom
thescouser89:no-auth-redirect-for-v2-users-current
Jun 17, 2026
Merged

Allow access to /v2/users/current without redirect to SSO#4543
thescouser89 merged 1 commit into
project-ncl:masterfrom
thescouser89:no-auth-redirect-for-v2-users-current

Conversation

@thescouser89

@thescouser89 thescouser89 commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Checklist:

  • Have you added unit tests for your change?

@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

⚠️ SAST findings detected

SCA scan output 
8.0.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
		|-- opentelemetry-semconv-1.29.0-alpha.jar
			|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-api-3.6.0-SNAPSHOT-java-client-jakarta.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-client-3.6.0-SNAPSHOT-jakarta.jar
	|-- vertx-core-3.9.14.jar [1 MEDIUM]
		|-- netty-codec-http2-4.2.9.Final.jar [2 HIGH, 3 MEDIUM]
			|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
			|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-handler-proxy-4.2.9.Final.jar [1 MEDIUM]
			|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
		|-- netty-resolver-dns-4.2.9.Final.jar [2 HIGH, 1 MEDIUM]
			|-- netty-codec-dns-4.2.9.Final.jar [1 HIGH]
			|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
rest-client-3.6.0-SNAPSHOT.jar
|-- vertx-core-3.9.14.jar [1 MEDIUM]
	|-- netty-codec-http2-4.2.9.Final.jar [2 HIGH, 3 MEDIUM]
		|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-codec-compression-4.2.9.Final.jar [1 HIGH]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-handler-proxy-4.2.9.Final.jar [1 MEDIUM]
		|-- netty-codec-http-4.2.9.Final.jar [3 HIGH, 5 MEDIUM]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
	|-- netty-resolver-dns-4.2.9.Final.jar [2 HIGH, 1 MEDIUM]
		|-- netty-codec-dns-4.2.9.Final.jar [1 HIGH]
		|-- netty-handler-4.1.77.Final-redhat-00001.jar [4 HIGH, 1 MEDIUM]
|-- common-3.6.0-SNAPSHOT.jar
	|-- opentelemetry-instrumentation-annotations-2.24.0.jar
		|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
|-- dto-3.6.0-SNAPSHOT-patch-builders.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-api-3.5.0.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- rest-api-3.6.0-SNAPSHOT-java-client.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- dto-3.6.0-SNAPSHOT.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
spi-3.6.0-SNAPSHOT.jar
|-- opentelemetry-instrumentation-annotations-2.24.0.jar
	|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
|-- dto-3.6.0-SNAPSHOT.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-api-3.5.0.jar
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
|-- model-3.6.0-SNAPSHOT.jar
	|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
	|-- pnc-common-3.4.0.jar
		|-- opentelemetry-ext-cli-java-1.5.0.jar
			|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-exporter-otlp-1.58.0.jar
				|-- opentelemetry-exporter-otlp-common-1.58.0.jar
					|-- opentelemetry-exporter-common-1.58.0.jar
						|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-sdk-1.58.0.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-common-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-logs-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-metrics-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
				|-- opentelemetry-sdk-trace-1.58.0.jar
					|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
			|-- opentelemetry-semconv-1.29.0-alpha.jar
				|-- opentelemetry-api-1.12.0.redhat-00001.jar [1 MEDIUM]
		|-- hibernate-validator-6.0.23.Final-redhat-00001.jar [1 HIGH]
test-common-3.6.0-SNAPSHOT.jar
|-- shrinkwrap-resolver-api-maven-3.3.4.jar
	|-- maven-model-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
|-- shrinkwrap-resolver-impl-maven-archive-3.3.4.jar
	|-- guice-5.1.0.jar
		|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
	|-- plexus-compiler-javac-2.15.0.jar
		|-- plexus-compiler-api-2.15.0.jar
			|-- plexus-utils-3.5.1.jar [1 HIGH]
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- plexus-utils-3.5.1.jar [1 HIGH]
|-- shrinkwrap-resolver-impl-maven-3.3.4.jar
	|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
	|-- maven-model-builder-3.9.9.jar
		|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
		|-- maven-artifact-3.9.9.jar
			|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-repository-metadata-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-resolver-provider-3.9.9.jar
		|-- guava-30.1.0.redhat-00001.jar [1 MEDIUM, 1 LOW]
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-settings-builder-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- maven-settings-3.9.9.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- plexus-sec-dispatcher-2.0.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- plexus-utils-3.5.1.jar [1 HIGH]
	|-- org.eclipse.sisu.plexus-0.9.0.M3.jar
		|-- plexus-utils-3.5.1.jar [1 HIGH]
		|-- plexus-xml-3.0.1.jar
			|-- plexus-utils-3.5.1.jar [1 HIGH]


No Policy violations were detected

Project 'pnc' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=0225ec74-4391-4ac9-bfb5-714664caa6bb
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=c9f6fd516a5241de98250adf2d7ea547bc93772d823b4ff28dd89e6f18810351

Mend AI scan succeeded.

Support Token: 2e0206516df194026af863d7b04ec82431781719198786
SAST scan output 
warning: 'error' method of 'org.slf4j.Logger' object could be abused to perform a Log Injection attack. User input reached a Log4j sink. (mapper/src/main/java/org/jboss/pnc/mapper/abstracts/AbstractArtifactMapper.java:92)

Full logs and artifacts

@thescouser89 thescouser89 marked this pull request as ready for review June 17, 2026 18:12
@thescouser89 thescouser89 merged commit 25f9c42 into project-ncl:master Jun 17, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thescouser89