Commit 92d10095 authored by cdanger's avatar cdanger

- Fixed issue #7: spring-core version affected by a CVE

- Upgraded managed versions of dependencies:
  - Spring Core: 5.3.20
  - SLF4j: 1.7.36
  - Apache CXF: 3.5.2
  - Spring Boot Starter: 2.6.7
  - Logback: 1.2.11
  - javax.servlet-api -> jakarta.servlet-api: 4.0.4
  - Saxon-HE: 10.8
  - Guava: 31.1
  - org.json:json: 20220320
  - org.everit.json.schema -> everit-json-schema: 1.14.1
parent daecf6fd
...@@ -17,18 +17,18 @@ ...@@ -17,18 +17,18 @@
<git.url.base>https://gitlab.ow2.org/authzforce</git.url.base> <git.url.base>https://gitlab.ow2.org/authzforce</git.url.base>
<!-- Jakarta XML Binding version --> <!-- Jakarta XML Binding version -->
<jaxb.version>2.3.3</jaxb.version> <jaxb.version>2.3.3</jaxb.version>
<jaxb2-basics.version>0.12.0</jaxb2-basics.version> <jaxb2-basics.version>0.13.1</jaxb2-basics.version>
<jaxb2-value-constructor.version>3.0</jaxb2-value-constructor.version> <jaxb2-value-constructor.version>3.0</jaxb2-value-constructor.version>
<!-- This version must match the MAJOR.MINOR parts of the slf4j version used by spring-boot-starter-logging version used by cxf-spring-boot-starter-jaxrs:${cxf.version}. (All 4.3.x versions up to 4.3.16 are affected by CVEs.) --> <!-- This version must match the MAJOR.MINOR parts of the slf4j version used by spring-boot-starter-logging version used by cxf-spring-boot-starter-jaxrs:${cxf.version}. (All 4.3.x versions up to 4.3.16 are affected by CVEs.) -->
<slf4j.version>1.7.32</slf4j.version> <slf4j.version>1.7.36</slf4j.version>
<cxf.version>3.5.0</cxf.version> <cxf.version>3.5.2</cxf.version>
<!-- This version must match the version of cxf-spring-boot-starter-jaxrs:${cxf.version}'s spring-boot-starter dependency (at least MAJOR.MINOR parts). 2.6.1 depends on Spring-core 5.3.13 which have 1 vulnerability. --> <!-- This version must match the version of cxf-spring-boot-starter-jaxrs:${cxf.version}'s spring-boot-starter dependency (at least MAJOR.MINOR parts). 2.6.1 depends on Spring-core 5.3.13 which have 1 vulnerability. -->
<spring-boot-starter.version>2.6.3</spring-boot-starter.version> <spring-boot-starter.version>2.6.7</spring-boot-starter.version>
<!-- Spring Core version. Must match the version of spring-boot-starter:${spring-boot-starter.version}'s spring-core dependency version (at least MAJOR.MINOR part). --> <!-- Spring Core version. Must match the version of spring-boot-starter:${spring-boot-starter.version}'s spring-core dependency version (at least MAJOR.MINOR part). -->
<spring.version>5.3.18</spring.version> <spring.version>5.3.20</spring.version>
<!-- logback-* version, must match the version of spring-boot-starter-logging:${spring-boot-starter.version}'s logback-classic dependency (at least MAJOR.MINOR part). --> <!-- logback-* version, must match the version of spring-boot-starter-logging:${spring-boot-starter.version}'s logback-classic dependency (at least MAJOR.MINOR part). -->
<logback.version>1.2.10</logback.version> <logback.version>1.2.11</logback.version>
<spotbugs.version>4.5.3</spotbugs.version> <spotbugs.version>4.6.0</spotbugs.version>
</properties> </properties>
<url>${project.url}</url> <url>${project.url}</url>
<inceptionYear>2012</inceptionYear> <inceptionYear>2012</inceptionYear>
...@@ -169,30 +169,30 @@ ...@@ -169,30 +169,30 @@
<version>${cxf.version}</version> <version>${cxf.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>javax.servlet</groupId> <groupId>jakarta.servlet</groupId>
<artifactId>javax.servlet-api</artifactId> <artifactId>jakarta.servlet-api</artifactId>
<version>4.0.1</version> <version>4.0.4</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>net.sf.saxon</groupId> <groupId>net.sf.saxon</groupId>
<artifactId>Saxon-HE</artifactId> <artifactId>Saxon-HE</artifactId>
<version>10.6</version> <version>10.8</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.google.guava</groupId> <groupId>com.google.guava</groupId>
<artifactId>guava</artifactId> <artifactId>guava</artifactId>
<version>31.0-jre</version> <version>31.1-jre</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.json</groupId> <groupId>org.json</groupId>
<artifactId>json</artifactId> <artifactId>json</artifactId>
<version>20211205</version> <version>20220320</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.github.everit-org.json-schema</groupId> <groupId>com.github.erosb</groupId>
<artifactId>org.everit.json.schema</artifactId> <artifactId>everit-json-schema</artifactId>
<!-- This version must use the versions of artifact org.json/json and guava specified above. --> <!-- This version must use the versions of artifact org.json/json and guava specified above. -->
<version>1.12.1</version> <version>1.14.1</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>junit</groupId> <groupId>junit</groupId>
...@@ -265,18 +265,18 @@ ...@@ -265,18 +265,18 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId> <artifactId>maven-pmd-plugin</artifactId>
<version>3.15.0</version> <version>3.16.0</version>
<!-- target JDK already set by parent project's maven.compiler.target property --> <!-- target JDK already set by parent project's maven.compiler.target property -->
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>net.sourceforge.pmd</groupId> <groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-core</artifactId> <artifactId>pmd-core</artifactId>
<version>6.42.0</version> <version>6.45.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>net.sourceforge.pmd</groupId> <groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-java</artifactId> <artifactId>pmd-java</artifactId>
<version>6.42.0</version> <version>6.45.0</version>
</dependency> </dependency>
</dependencies> </dependencies>
</plugin> </plugin>
...@@ -307,12 +307,12 @@ ...@@ -307,12 +307,12 @@
<!-- Consider combining with Red Hat Victims and OSS Index. More info on Victims vs. Dependency-check: https://bugzilla.redhat.com/show_bug.cgi?id=1388712 --> <!-- Consider combining with Red Hat Victims and OSS Index. More info on Victims vs. Dependency-check: https://bugzilla.redhat.com/show_bug.cgi?id=1388712 -->
<groupId>org.owasp</groupId> <groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId> <artifactId>dependency-check-maven</artifactId>
<version>6.5.3</version> <version>7.1.0</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.jvnet.jaxb2.maven2</groupId> <groupId>org.jvnet.jaxb2.maven2</groupId>
<artifactId>maven-jaxb2-plugin</artifactId> <artifactId>maven-jaxb2-plugin</artifactId>
<version>0.14.0</version> <version>0.15.1</version>
<configuration> <configuration>
<debug>false</debug> <debug>false</debug>
<strict>false</strict> <strict>false</strict>
...@@ -324,7 +324,7 @@ ...@@ -324,7 +324,7 @@
<!-- For generating HTML documentation from Markdown --> <!-- For generating HTML documentation from Markdown -->
<groupId>com.ruleoftech</groupId> <groupId>com.ruleoftech</groupId>
<artifactId>markdown-page-generator-plugin</artifactId> <artifactId>markdown-page-generator-plugin</artifactId>
<version>0.10</version> <version>2.4.0</version>
<configuration> <configuration>
<inputEncoding>UTF-8</inputEncoding> <inputEncoding>UTF-8</inputEncoding>
<outputEncoding>UTF-8</outputEncoding> <outputEncoding>UTF-8</outputEncoding>
...@@ -334,7 +334,7 @@ ...@@ -334,7 +334,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId> <artifactId>maven-compiler-plugin</artifactId>
<version>3.9.0</version> <version>3.10.1</version>
<configuration> <configuration>
<release>11</release> <release>11</release>
<compilerArgument>-Xlint:deprecation</compilerArgument> <compilerArgument>-Xlint:deprecation</compilerArgument>
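Review bot: The two vulnerability notes in the `<properties>` hunk are left stale by this commit even though fixing the spring-core CVE is its stated purpose: the comment above `<spring-boot-starter.version>` still says "2.6.1 depends on Spring-core 5.3.13 which have 1 vulnerability" while the value is now 2.6.7, and the parenthetical "(All 4.3.x versions up to 4.3.16 are affected by CVEs.)" sits on the `<slf4j.version>` property although no 4.3.x line appears there, so it presumably refers to an older Spring line. A reader auditing versions later will take both as current facts, so I would rewrite the spring-boot-starter comment as `<!-- Must match the spring-boot-starter dependency of cxf-spring-boot-starter-jaxrs:${cxf.version} (at least MAJOR.MINOR). Older 2.6.x releases pull in spring-core versions with known CVEs; see issue #7. -->` and either move the 4.3.x remark next to the property it describes or drop it. In the dependencies hunk, the switch to `jakarta.servlet:jakarta.servlet-api:4.0.4` is, as far as I know, still the javax.servlet-packaged line rather than a move to the jakarta.* namespace; a short comment on that `<dependency>` saying so would prevent someone reading the groupId as a completed Jakarta migration. The `<properties>` element opens before the first hunk and the `<dependencies>` list continues past the second.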