Merge branch 'release/3.0.5'

03458290 · Cyril Dangerville · 188c22e1 · f2ae1149 · 03458290 · 03458290
Commit 03458290 authored 1 year ago by Cyril Dangerville
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
 All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. This project adheres to [Semantic Versioning](http://semver.org).


+## 3.0.5
+### Fixed
+- CVEs by upgrading:
+  - Parent project (authzforce-ce-parent): 8.5.0
+  - Maven dependencies:
+    - authzforce-ce-xacml-model: 8.5.0 
+    - com.github.everit-org.json-schema/org.everit.json.schema -> com.github.erosb/everit-json-schema: 1.14.2
+    - Spring Core: 5.3.29
+- `authzforce-ce-xacml-model` dependency: missing `XacmlAttributeId` enum value for standard XACML 3.0 Core attribute `urn:oasis:names:tc:xacml:2.0:resource:target-namespace` (used for `<Content>` processing) has been added
+
 ## 3.0.4
 ### Fixed 
 - CVE-2021-22696 and CVE-2021-3046 fixed by upgrading **authzforce-ce-parent to v8.0.3**

--- a/owasp-dependency-check-suppression.xml
+++ b/owasp-dependency-check-suppression.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions
-	xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+	xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+	<suppress>
+		<notes><![CDATA[
+   FP per issue https://github.com/jeremylong/DependencyCheck/issues/5545
+   ]]></notes>
+		<packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
+		<vulnerabilityName>CVE-2022-45688</vulnerabilityName>
+	</suppress>
 </suppressions>
\ No newline at end of file
--- a/pom.xml
+++ b/pom.xml
@@ -3,11 +3,11 @@
 	<parent>
 		<groupId>org.ow2.authzforce</groupId>
 		<artifactId>authzforce-ce-parent</artifactId>
-		<version>8.0.3</version>
+		<version>8.5.0</version>
 	</parent>
 	<artifactId>authzforce-ce-xacml-json-model</artifactId>
 	<packaging>jar</packaging>
-	<version>3.0.4</version>
+	<version>3.0.5</version>
 	<name>${project.groupId}:${project.artifactId}</name>
 	<description>AuthzForce - Data model for JSON Profile of XACML 3.0</description>
 	<url>${project.url}</url>
@@ -32,8 +32,8 @@
 			<artifactId>spring-core</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>com.github.everit-org.json-schema</groupId>
-			<artifactId>org.everit.json.schema</artifactId>
+			<groupId>com.github.erosb</groupId>
+			<artifactId>everit-json-schema</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.testng</groupId>
@@ -147,12 +147,13 @@
 					<dependency>
 						<groupId>net.sf.saxon</groupId>
 						<artifactId>Saxon-HE</artifactId>
+						<!-- Must match the version in ivy.xml -->
 						<version>9.8.0-15</version>
 					</dependency>
 					<dependency>
 						<groupId>org.apache.ivy</groupId>
 						<artifactId>ivy</artifactId>
-						<version>2.4.0</version>
+						<version>2.5.1</version>
 					</dependency>
 					<dependency>
 						<groupId>ant-contrib</groupId>
@@ -214,7 +215,7 @@
 					<!-- Using multiple test suites simplifies debugging and prevent some TestNG issues happening when reusing same class/methods over multiple tests in same test suite -->
 					<!-- <suiteXmlFile>src/test/suite.xml</suiteXmlFile> -->
 					<!-- </suiteXmlFiles> -->
-					<skipAfterFailureCount>1</skipAfterFailureCount>
+					<skipAfterFailureCount>0</skipAfterFailureCount>
 					<!-- redirectTestOutputToFile: set this to 'true' to redirect the unit test standard output to a file (found in reportsDirectory/testName-output.txt) -->
 					<redirectTestOutputToFile>false</redirectTestOutputToFile>
 					<systemPropertyVariables>

--- a/src/main/java/org/ow2/authzforce/xacml/json/model/LimitsCheckingJSONObject.java
+++ b/src/main/java/org/ow2/authzforce/xacml/json/model/LimitsCheckingJSONObject.java
 /*
- * Copyright 2012-2021 THALES.
+ * Copyright 2012-2023 THALES.
 *
 * This file is part of AuthzForce CE.
 *

--- a/src/main/java/org/ow2/authzforce/xacml/json/model/SpringBasedJsonSchemaClient.java
+++ b/src/main/java/org/ow2/authzforce/xacml/json/model/SpringBasedJsonSchemaClient.java
 /*
- * Copyright 2012-2021 THALES.
+ * Copyright 2012-2023 THALES.
 *
 * This file is part of AuthzForce CE.
 *

--- a/src/main/java/org/ow2/authzforce/xacml/json/model/XacmlJsonUtils.java
+++ b/src/main/java/org/ow2/authzforce/xacml/json/model/XacmlJsonUtils.java
 /*
- * Copyright 2012-2021 THALES.
+ * Copyright 2012-2023 THALES.
 *
 * This file is part of AuthzForce CE.
 *

--- a/src/test/java/org/ow2/authzforce/xacml/json/model/test/LimitsCheckingJSONObjectTest.java
+++ b/src/test/java/org/ow2/authzforce/xacml/json/model/test/LimitsCheckingJSONObjectTest.java
 /*
- * Copyright 2012-2021 THALES.
+ * Copyright 2012-2023 THALES.
 *
 * This file is part of AuthzForce CE.
 *
@@ -18,7 +18,6 @@
 package org.ow2.authzforce.xacml.json.model.test;

 import java.io.*;
-import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.util.AbstractMap;

--- a/src/test/java/org/ow2/authzforce/xacml/json/model/test/TestDataProvider.java
+++ b/src/test/java/org/ow2/authzforce/xacml/json/model/test/TestDataProvider.java
 /*
- * Copyright 2012-2021 THALES.
+ * Copyright 2012-2023 THALES.
 *
 * This file is part of AuthzForce CE.
 *

--- a/src/test/java/org/ow2/authzforce/xacml/json/model/test/XacmlJsonSchemaValidationTest.java
+++ b/src/test/java/org/ow2/authzforce/xacml/json/model/test/XacmlJsonSchemaValidationTest.java
 /*
- * Copyright 2012-2021 THALES.
+ * Copyright 2012-2023 THALES.
 *
 * This file is part of AuthzForce CE.
 *
@@ -33,7 +33,6 @@ import org.testng.annotations.Test;
 import javax.xml.bind.JAXBException;
 import java.io.BufferedReader;
 import java.io.File;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;