Specifically: CVE-2023-3635, caused by com.squareup.okio:okio version 3.2.0 and com.squareup.okio:okio-jvm version 3.2.0.
This vulnerability doesn't affect end users of Wurst. Only developers were potentially affected. Then again, the attack vector for this CVE isn't super relevant when compiling Wurst. So, do update your forks, but don't worry too much.
Specifically: CVE-2022-42003, CVE-2021-46877, CVE-2022-42004, and CVE-2020-36518, all caused by com.fasterxml.jackson.core:jackson-databind version 2.13.0.
These vulnerabilities don't affect end users of Wurst. Only developers were potentially affected. Then again, the attack vectors for these CVEs aren't super relevant when compiling Wurst. So, do update your forks, but don't worry too much.
Unfortunately this is incompatible with Minecraft's default Java version
(1.8.0_51), so none of this will actually work in production until (a)
Minecraft updates to a newer Java version, or (b) Sentry changes their
SSL certificate to something that Java 1.8.0_51 can understand.
See also: https://github.com/getsentry/sentry-java/issues/1000
I found out about this issue AFTER I spent nearly a week setting
everything up just the way I like, so now I don't want to just delete it
all. I will leave this here until the issue is fixed or I can figure out
something else to make it work.
