From c36e98731d9eb9c58bf463a8a243be91aa554700 Mon Sep 17 00:00:00 2001 From: itsKedar <37594766+itsKedar@users.noreply.github.com> Date: Mon, 22 Jan 2024 16:18:06 +0530 Subject: [PATCH] Vulnerability fix for 1.6.46 release (#1305) * Vulnerability fix for 1.6.46 release * Vulnerability fix for 1.6.46 release * Update Dockerfile --- Dockerfile | 2 +- build-11.gradle | 10 +++++----- build.gradle | 12 ++++++------ 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 268e5e048..dba659417 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,7 +21,7 @@ FROM alpine:3.18.4 AS java11 WORKDIR app RUN apk update && \ apk upgrade -RUN apk add openjdk11=11.0.21_p9-r0 --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community +RUN apk add openjdk11=11.0.22_p7-r0 --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk RUN apk add libstdc++ RUN apk add glib diff --git a/build-11.gradle b/build-11.gradle index 365b6c773..a970486c6 100644 --- a/build-11.gradle +++ b/build-11.gradle @@ -9,7 +9,7 @@ buildscript { ConfigProviderVersion = "1.0.9" //cxVersion = "8.90.5" - springBootVersion = '2.7.14' + springBootVersion = '2.7.18' sonarqubeVersion = '2.8' atlassianVersion = "5.2.0" atlassianFugueVersion = "4.7.2" @@ -64,9 +64,9 @@ configurations { all*.exclude module: 'wss-agent-api' } -ext['tomcat.version'] = '9.0.81' +ext['tomcat.version'] = '9.0.85' ext['groovy.version'] = '3.0.16' -ext['logback-classic.version'] = '1.2.10' +ext['logback-classic.version'] = '1.2.13' ext['spring-core.version'] = '5.3.29' dependencies { 
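Review bot: The new pin `openjdk11=11.0.22_p7-r0` in the Dockerfile hunk is still resolved from the rolling `edge/community` repository on top of an `alpine:3.18.4` base. Edge keeps only the current revision of a package, so this exact pin stops resolving once edge moves on and the build breaks until someone bumps it again. Installing from edge into a stable release can also pull edge builds of the JDK's dependencies into the image. Consider pointing `--repository` at the branch that matches the base image, bumping the base tag if that is what it takes to get the patched JDK, and adding `--no-cache`, e.g. `RUN apk add --no-cache openjdk11=<version in that branch> --repository=https://dl-cdn.alpinelinux.org/alpine/v3.18/community`. The `java11` stage starts and ends outside the hunk.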
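Review bot: `ext['logback-classic.version'] = '1.2.13'` in the build-11.gradle hunk at -64,9 (and the same line in build.gradle at -74,9) is probably not a property that anything reads. Spring Boot's dependency management uses `logback.version`, and likewise `spring-framework.version` rather than the `spring-core.version` on the neighbouring context line. If these `ext` entries are meant as BOM overrides, any logback artifact that is not pinned explicitly would stay at the version managed by Spring Boot 2.7.18. That matters most in build-11.gradle, where the visible hunks exclude `logback-core` from `logback-classic` but show no explicit `logback-core:1.2.13` as build.gradle has. I would use `ext['logback.version'] = '1.2.13'` and confirm the resolved versions with `gradle dependencyInsight --dependency logback-core`. Whether the dependency-management plugin is applied is not visible in this hunk.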
@@ -139,7 +139,7 @@ dependencies { compile ("org.apache.ivy:ivy:2.5.2") compile ("org.apache.commons:commons-lang3:3.12.0") compile('org.apache.commons:commons-collections4:4.4') - compile ("org.eclipse.jgit:org.eclipse.jgit:5.5.1.201910021850-r"){ + compile ("org.eclipse.jgit:org.eclipse.jgit:5.13.3.202401111512-r"){ exclude group: 'org.bouncycastle', module:'bcprov-jdk15onj' } compile group: 'com.google.guava', name: 'guava', version: '32.0.1-jre' @@ -165,7 +165,7 @@ dependencies { testRuntimeOnly("org.junit.vintage:junit-vintage-engine:${junitVersion}") testCompile("org.mockito:mockito-core:4.11.0") compile("org.projectlombok:lombok:1.18.10") - compile("ch.qos.logback:logback-classic:1.2.10"){ + compile("ch.qos.logback:logback-classic:1.2.13"){ exclude group: 'ch.qos.logback', module: 'logback-core' } compile("ch.qos.logback.contrib:logback-json-classic:0.1.5"){ diff --git a/build.gradle b/build.gradle index 978d6a52a..22c4d3cab 100644 --- a/build.gradle +++ b/build.gradle @@ -5,7 +5,7 @@ CxSBSDK = "0.5.67" ConfigProviderVersion = "1.0.10" //cxVersion = "8.90.5" - springBootVersion = '2.7.14' + springBootVersion = '2.7.18' sonarqubeVersion = '2.8' atlassianVersion = "5.2.0" atlassianFugueVersion = "4.7.2" @@ -74,9 +74,9 @@ configurations { all*.exclude module: 'wss-agent-api' } -ext['tomcat.version'] = '9.0.81' +ext['tomcat.version'] = '9.0.85' ext['groovy.version'] = '3.0.16' -ext['logback-classic.version'] = '1.2.10' +ext['logback-classic.version'] = '1.2.13' ext['spring-core.version'] = '5.3.29' dependencies { @@ -154,7 +154,7 @@ dependencies { } compile("org.apache.ivy:ivy:2.5.2") compile("org.jasypt:jasypt:1.9.3") - compile("org.eclipse.jgit:org.eclipse.jgit:5.5.1.201910021850-r"){ + compile("org.eclipse.jgit:org.eclipse.jgit:5.13.3.202401111512-r"){ exclude group: 'org.bouncycastle', module:'bcprov-jdk15on' } compile group: 'com.google.guava', name: 'guava', version: '32.0.1-jre' 
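Review bot: In build-11.gradle the exclusion directly under the bumped jgit line names `module:'bcprov-jdk15onj'`, while the matching block in build.gradle uses `bcprov-jdk15on`. The trailing `j` looks like a typo, so in the Java 11 build the rule would match no artifact and excludes nothing. The jump from 5.5.1 to 5.13.3 may also have changed jgit's transitive dependencies, so check with `gradle dependencies` whether Bouncy Castle still arrives through jgit before deciding. If the exclusion is still wanted, change it to `exclude group: 'org.bouncycastle', module:'bcprov-jdk15on'`; otherwise remove it from both files. The `dependencies` block starts and ends outside the hunk.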
@@ -188,7 +188,7 @@ dependencies { testCompile("net.bytebuddy:byte-buddy:1.12.9") //Added due to Mockito Exception.Normally, Gradle should take care class path completion. compile("org.projectlombok:lombok:1.18.10") - compile("ch.qos.logback:logback-classic:1.2.10"){ + compile("ch.qos.logback:logback-classic:1.2.13"){ exclude group: 'ch.qos.logback', module: 'logback-core' } compile("ch.qos.logback.contrib:logback-json-classic:0.1.5"){ @@ -198,7 +198,7 @@ dependencies { compile("ch.qos.logback.contrib:logback-jackson:0.1.5"){ exclude group: 'ch.qos.logback', module: 'logback-core' } - compile("ch.qos.logback:logback-core:1.2.10") + compile("ch.qos.logback:logback-core:1.2.13") compile("net.logstash.logback:logstash-logback-encoder:5.2") compile 'org.modelmapper:modelmapper:2.4.0' compile("com.checkmarx:cx-config-provider:${ConfigProviderVersion}") {