Details
-
Bug
-
Resolution: Fixed
-
Major
-
15.5-rc-1
-
None
-
Unknown
-
N/A
-
N/A
-
Description
Currently, extensions that are not released on Maven Central repository are not correctly indexed by osv.dev.
As a consequence, when looking for a given extension with a specific version
curl -d '{"version":"1.28","package":{"ecosystem":"Maven","name":"org.xwiki.contrib.oidc:oidc-authenticator"}}' https://api.osv.dev/v1/query
return an empty object.
The currently solution is to query for the package without a specific version
curl -d '{"package":{"ecosystem":"Maven","name":"org.xwiki.contrib.oidc:oidc-authenticator"}}' https://api.osv.dev/v1/query
and to filter the version ranges on our end.
This was done for org.xwiki.platform extensions, but we are missing org.xwiki.contrib extensions.