#570: Fixed CVE-2024-31573 (#572)

exasol · May 8, 2024 · 078769d · 078769d
1 parent c939dfe
commit 078769d
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 5 deletions.
diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
diff --git a/doc/changes/changes_4.3.1.md b/doc/changes/changes_4.3.1.md
@@ -0,0 +1,65 @@
+# Project Keeper 4.3.1, released 2024-05-??
+
+Code name: Fix CVE-2024-31573 in `org.xmlunit:xmlunit-core:jar:2.9.1:test`
+
+## Summary
+
+This release fixes vulnerability CVE-2024-31573 in `org.xmlunit:xmlunit-core:jar:2.9.1:test`.
+
+## Security
+
+* #570: Fixed CVE-2024-31573 in `org.xmlunit:xmlunit-core:jar:2.9.1:test`
+
+## Dependency Updates
+
+### Project Keeper Core
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:project-keeper-shared-model-classes:4.3.0` to `4.3.1`
+* Updated `org.xmlunit:xmlunit-core:2.9.1` to `2.10.0`
+
+#### Runtime Dependency Updates
+
+* Updated `com.exasol:project-keeper-java-project-crawler:4.3.0` to `4.3.1`
+
+#### Test Dependency Updates
+
+* Updated `com.exasol:project-keeper-shared-test-setup:4.3.0` to `4.3.1`
+* Updated `org.xmlunit:xmlunit-matchers:2.9.1` to `2.10.0`
+
+### Project Keeper Command Line Interface
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:project-keeper-core:4.3.0` to `4.3.1`
+
+#### Test Dependency Updates
+
+* Updated `com.exasol:project-keeper-shared-test-setup:4.3.0` to `4.3.1`
+
+### Project Keeper Maven Plugin
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:project-keeper-core:4.3.0` to `4.3.1`
+
+#### Test Dependency Updates
+
+* Updated `org.xmlunit:xmlunit-matchers:2.9.1` to `2.10.0`
+
+### Project Keeper Java Project Crawler
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:project-keeper-shared-model-classes:4.3.0` to `4.3.1`
+
+#### Test Dependency Updates
+
+* Updated `org.xmlunit:xmlunit-matchers:2.9.1` to `2.10.0`
+
+### Project Keeper Shared Test Setup
+
+#### Compile Dependency Updates
+
+* Updated `com.exasol:project-keeper-shared-model-classes:4.3.0` to `4.3.1`
diff --git a/parent-pom/pom.xml b/parent-pom/pom.xml
@@ -28,13 +28,13 @@
         </repository>
     </distributionManagement>
     <properties>
-        <revision>4.3.0</revision>
+        <revision>4.3.1</revision>
         <!-- Integration test ProjectKeeperMojoIT starts a Maven build which requires Java 17. -->
         <java.version>17</java.version>
         <maven.version>3.9.6</maven.version>
         <minimum.maven.version>3.6.3</minimum.maven.version>
         <junit.version>5.10.2</junit.version>
-        <xmlunit.version>2.9.1</xmlunit.version>
+        <xmlunit.version>2.10.0</xmlunit.version>
         <mockito.version>5.11.0</mockito.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
@@ -84,12 +84,12 @@
                 <!-- Upgrade transitive dependency of org.eclipse:yasson to fix CVE-2023-4043 -->
                 <groupId>org.eclipse.parsson</groupId>
                 <artifactId>parsson</artifactId>
-                <version>1.1.5</version>
+                <version>1.1.6</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.maven.plugin-tools</groupId>
                 <artifactId>maven-plugin-annotations</artifactId>
-                <version>3.12.0</version>
+                <version>3.13.0</version>
                 <scope>provided</scope>
             </dependency>
             <dependency>
@@ -248,7 +248,7 @@
             <dependency>
                 <groupId>org.itsallcode</groupId>
                 <artifactId>hamcrest-auto-matcher</artifactId>
-                <version>0.6.0</version>
+                <version>0.7.0</version>
                 <scope>test</scope>
             </dependency>
         </dependencies>