Duplicated options from CVE update suggestion #1646

@hohwille

Description

Actual behavior

$ ide install docker
...
Please note that by selecting an unsafe version to install, you accept the risk to be attacked.
Which version do you want to install?
Option 1: current (1.21.0 - unsafe)
Option 2: nearest (1.21.0 - unsafe)

This does not make sense. If the nearest (or latest) option is identical to current, we should not offer such an option.

Reproduce

ide install docker

Expected behavior

If really no better/other version is found as alternative, it should not be offered:

Please note that by selecting an unsafe version to install, you accept the risk to be attacked.
Which version do you want to install?
Option 1: current (1.21.0 - unsafe)

IDEasy status

IDE_ROOT is set to D:/projects
IDE_HOME is set to D:/projects/project
You are online.
Found bash executable at: C:/Program Files/Git/usr/bin/bash.exe
Found git executable at: C:/Program Files/Git/mingw64/bin/git.exe
Your settings are not up-to-date, please run 'ide update'.
Your version of IDEasy is 2025.11.001.
Your are using the latest version of IDEasy and no update is available.
Your operating system is windows(10.0)@x64 [Windows 11@amd64]

Related/Dependent issues

#1145

Comments/Hints

I thought we would prevent this but it seems I was wrong.
Should be fixed here:

} else if (newSeveritySum <= nearestSeveritySum) {
  if ((newSeveritySum < latestSeveritySum) || (nearest == null) || version.isGreater(resolvedVersion)) {
    nearest = ToolVersionChoice.ofNearest(version, issues);
  }
  nearestSeveritySum = newSeveritySum;

or, if that is not easily possible, here:

if (nearest != null) {
  if (addSuggestions) {
    choices.add(nearest);
  }
  logCvesAndReturnTrueForNone(toolEdition, nearest.version(), nearest.option(), nearest.issues());
}
if (latest != null) {
  if (addSuggestions) {
    choices.add(latest);
  }
  logCvesAndReturnTrueForNone(toolEdition, latest.version(), latest.option(), latest.issues());
}

Metadata

Assignees: No one assigned
Labels: install (installation process of IDE + tools and install commandlet), security (CVEs or other vulnerabilities)
Status: 🆕 New
