Commit 287ad899 authored by Alok Joshi's avatar Alok Joshi

Merge branch 'fix_sec_vul' into 'master'

Update libraries to fix CVE security vulnerabilities

See merge request !101
parents 859c33c7 e3b506e1
...@@ -127,7 +127,6 @@ The following software have components provided under the terms of this license: ...@@ -127,7 +127,6 @@ The following software have components provided under the terms of this license:
- Jackson 2 extensions to the Google HTTP Client Library for Java. (from https://github.com/google/google-http-java-client.git/google-http-client-jackson2) - Jackson 2 extensions to the Google HTTP Client Library for Java. (from https://github.com/google/google-http-java-client.git/google-http-client-jackson2)
- Jackson CoreUtils (from https://github.com/fge/jackson-coreutils) - Jackson CoreUtils (from https://github.com/fge/jackson-coreutils)
- Jackson dataformat: CBOR (from http://github.com/FasterXML/jackson-dataformats-binary) - Jackson dataformat: CBOR (from http://github.com/FasterXML/jackson-dataformats-binary)
- Jackson dataformat: CBOR (from http://github.com/FasterXML/jackson-dataformats-binary)
- Jackson datatype: JSR310 (from http://wiki.fasterxml.com/JacksonModuleJSR310) - Jackson datatype: JSR310 (from http://wiki.fasterxml.com/JacksonModuleJSR310)
- Jackson datatype: JSR310 (from http://wiki.fasterxml.com/JacksonModuleJSR310) - Jackson datatype: JSR310 (from http://wiki.fasterxml.com/JacksonModuleJSR310)
- Jackson extensions to the Google HTTP Client Library for Java. (from ) - Jackson extensions to the Google HTTP Client Library for Java. (from )
...@@ -206,10 +205,10 @@ The following software have components provided under the terms of this license: ...@@ -206,10 +205,10 @@ The following software have components provided under the terms of this license:
- Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java) - Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure Netty HTTP Client Library (from https://github.com/Azure/azure-sdk-for-java) - Microsoft Azure Netty HTTP Client Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java) - Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
- Mockito (from http://mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://www.mockito.org) - Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://www.mockito.org) - Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- MongoDB Driver (from http://www.mongodb.org) - MongoDB Driver (from http://www.mongodb.org)
- MongoDB Java Driver Core (from http://www.mongodb.org) - MongoDB Java Driver Core (from http://www.mongodb.org)
- Msg Simple (from https://github.com/fge/msg-simple) - Msg Simple (from https://github.com/fge/msg-simple)
...@@ -418,7 +417,6 @@ The following software have components provided under the terms of this license: ...@@ -418,7 +417,6 @@ The following software have components provided under the terms of this license:
- swagger-models (from ) - swagger-models (from )
- tomcat-annotations-api (from http://tomcat.apache.org/) - tomcat-annotations-api (from http://tomcat.apache.org/)
- tomcat-embed-core (from http://tomcat.apache.org/) - tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-el (from http://tomcat.apache.org/) - tomcat-embed-el (from http://tomcat.apache.org/)
- tomcat-embed-websocket (from http://tomcat.apache.org/) - tomcat-embed-websocket (from http://tomcat.apache.org/)
- x-content (from https://github.com/elastic/elasticsearch) - x-content (from https://github.com/elastic/elasticsearch)
...@@ -571,7 +569,6 @@ The following software have components provided under the terms of this license: ...@@ -571,7 +569,6 @@ The following software have components provided under the terms of this license:
- jersey-ext-bean-validation (from ) - jersey-ext-bean-validation (from )
- jersey-spring4 (from ) - jersey-spring4 (from )
- tomcat-embed-core (from http://tomcat.apache.org/) - tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-core (from http://tomcat.apache.org/)
======================================================================== ========================================================================
CPL-1.0 CPL-1.0
...@@ -652,7 +649,6 @@ The following software have components provided under the terms of this license: ...@@ -652,7 +649,6 @@ The following software have components provided under the terms of this license:
- jersey-media-json-jackson (from git://java.net/jersey~code/project/jersey-media-json-jackson) - jersey-media-json-jackson (from git://java.net/jersey~code/project/jersey-media-json-jackson)
- jersey-spring4 (from ) - jersey-spring4 (from )
- tomcat-embed-core (from http://tomcat.apache.org/) - tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-core (from http://tomcat.apache.org/)
======================================================================== ========================================================================
GPL-2.0-or-later GPL-2.0-or-later
...@@ -697,7 +693,6 @@ The following software have components provided under the terms of this license: ...@@ -697,7 +693,6 @@ The following software have components provided under the terms of this license:
- jersey-media-json-jackson (from git://java.net/jersey~code/project/jersey-media-json-jackson) - jersey-media-json-jackson (from git://java.net/jersey~code/project/jersey-media-json-jackson)
- jersey-spring4 (from ) - jersey-spring4 (from )
- tomcat-embed-core (from http://tomcat.apache.org/) - tomcat-embed-core (from http://tomcat.apache.org/)
- tomcat-embed-core (from http://tomcat.apache.org/)
======================================================================== ========================================================================
GPL-3.0-only GPL-3.0-only
......
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
<properties> <properties>
<skip.unit.tests>false</skip.unit.tests> <skip.unit.tests>false</skip.unit.tests>
<skip.integration.tests>true</skip.integration.tests> <skip.integration.tests>true</skip.integration.tests>
<jackson.version>2.11.2</jackson.version> <jackson.version>2.11.4</jackson.version>
<resteasy.version>3.12.0.Final</resteasy.version> <resteasy.version>3.12.0.Final</resteasy.version>
<elasticsearch.version>7.8.1</elasticsearch.version> <elasticsearch.version>7.8.1</elasticsearch.version>
<snakeyaml.version>1.26</snakeyaml.version> <snakeyaml.version>1.26</snakeyaml.version>
...@@ -44,7 +44,8 @@ ...@@ -44,7 +44,8 @@
<log4j-core.version>2.13.2</log4j-core.version> <log4j-core.version>2.13.2</log4j-core.version>
<google-oauth-client.version>1.31.0</google-oauth-client.version> <google-oauth-client.version>1.31.0</google-oauth-client.version>
<commons-compress.version>1.20</commons-compress.version> <commons-compress.version>1.20</commons-compress.version>
<osdu.oscorecommon.version>0.9.0-rc3</osdu.oscorecommon.version> <osdu.oscorecommon.version>0.9.0-rc4</osdu.oscorecommon.version>
<tomcat-embed-core.version>9.0.45</tomcat-embed-core.version>
</properties> </properties>
<licenses> <licenses>
...@@ -101,6 +102,12 @@ ...@@ -101,6 +102,12 @@
<groupId>org.elasticsearch</groupId> <groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId> <artifactId>elasticsearch</artifactId>
<version>${elasticsearch.version}</version> <version>${elasticsearch.version}</version>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-cbor</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-codec</groupId> <groupId>commons-codec</groupId>
...@@ -323,6 +330,11 @@ ...@@ -323,6 +330,11 @@
<artifactId>os-core-common</artifactId> <artifactId>os-core-common</artifactId>
<version>${osdu.oscorecommon.version}</version> <version>${osdu.oscorecommon.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>${tomcat-embed-core.version}</version>
</dependency>
</dependencies> </dependencies>
<repositories> <repositories>
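Review bot: `log4j-core.version` in the second properties hunk stays at 2.13.2 while this commit raises Jackson and pins Tomcat, and 2.13.2 belongs to the Log4j 2 releases that still resolve JNDI lookups inside logged messages. If log4j-core is on the runtime classpath of any module (the property suggests it is, but the dependency declaration is outside the hunks shown), any request-derived string that reaches a logger is a remote-code-execution risk. Raise the property to a release with message lookups removed, for example `<log4j-core.version>2.17.1</log4j-core.version>` or later. A comment next to it, such as `<!-- security pin: do not lower below the lookup-free Log4j 2 releases -->`, would stop a later cleanup from reverting it.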
......
...@@ -39,7 +39,7 @@ ...@@ -39,7 +39,7 @@
<aws.version>1.11.637</aws.version> <aws.version>1.11.637</aws.version>
<deployment.environment>dev</deployment.environment> <deployment.environment>dev</deployment.environment>
<version.number>0.0.4-SNAPSHOT</version.number> <version.number>0.0.4-SNAPSHOT</version.number>
<osdu.oscorecommon.version>0.8.0-rc3</osdu.oscorecommon.version> <osdu.oscorecommon.version>0.9.0-rc4</osdu.oscorecommon.version>
</properties> </properties>
<dependencies> <dependencies>
...@@ -89,6 +89,12 @@ ...@@ -89,6 +89,12 @@
<dependency> <dependency>
<groupId>org.elasticsearch</groupId> <groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId> <artifactId>elasticsearch</artifactId>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-cbor</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.locationtech.spatial4j</groupId> <groupId>org.locationtech.spatial4j</groupId>
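Review bot: The new `<exclusions>` block removes `jackson-dataformat-cbor` from `elasticsearch` without declaring a replacement, so the CBOR classes that Elasticsearch's x-content code appears to load must now arrive through some other dependency, at whatever version that path resolves. The NOTICE hunk still lists one CBOR entry, so another path supplies it today, but nothing in these poms keeps it present or aligned with the 2.11.4 Jackson bump. The same exclusion is repeated in the root pom and in three other module poms on this page. Managing the artifact once in the root pom's `<dependencyManagement>` with `<version>${jackson.version}</version>` would replace all five exclusions and pin the patched version. If the exclusions stay, each deserves a comment such as `<!-- drops the older transitive jackson-dataformat-cbor; the remaining copy comes from <other dependency> -->`.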
......
...@@ -36,8 +36,8 @@ ...@@ -36,8 +36,8 @@
<failOnMissingWebXml>false</failOnMissingWebXml> <failOnMissingWebXml>false</failOnMissingWebXml>
<project.main.basedir>${project.parent.basedir}</project.main.basedir> <project.main.basedir>${project.parent.basedir}</project.main.basedir>
<springboot.version>2.1.7.RELEASE</springboot.version> <springboot.version>2.1.7.RELEASE</springboot.version>
<osdu.corelibazure.version>0.8.0-rc1</osdu.corelibazure.version> <osdu.corelibazure.version>0.9.0-rc1</osdu.corelibazure.version>
<osdu.oscorecommon.version>0.9.0-rc3</osdu.oscorecommon.version> <osdu.oscorecommon.version>0.9.0-rc4</osdu.oscorecommon.version>
<osdu.search-core.version>0.9.0-SNAPSHOT</osdu.search-core.version> <osdu.search-core.version>0.9.0-SNAPSHOT</osdu.search-core.version>
<spatial4j.version>0.7</spatial4j.version> <spatial4j.version>0.7</spatial4j.version>
<jts-io-common.version>1.15.0</jts-io-common.version> <jts-io-common.version>1.15.0</jts-io-common.version>
......
...@@ -48,7 +48,7 @@ ...@@ -48,7 +48,7 @@
<dependency> <dependency>
<groupId>org.opengroup.osdu</groupId> <groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId> <artifactId>os-core-common</artifactId>
<version>0.8.0-rc3</version> <version>0.9.0-rc4</version>
</dependency> </dependency>
<dependency> <dependency>
......
...@@ -54,7 +54,7 @@ ...@@ -54,7 +54,7 @@
<dependency> <dependency>
<groupId>org.opengroup.osdu</groupId> <groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId> <artifactId>os-core-common</artifactId>
<version>0.8.0-rc3</version> <version>0.9.0-rc4</version>
</dependency> </dependency>
<dependency> <dependency>
...@@ -125,6 +125,12 @@ ...@@ -125,6 +125,12 @@
<dependency> <dependency>
<groupId>org.elasticsearch</groupId> <groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId> <artifactId>elasticsearch</artifactId>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-cbor</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.elasticsearch.client</groupId> <groupId>org.elasticsearch.client</groupId>
......
...@@ -25,7 +25,7 @@ ...@@ -25,7 +25,7 @@
<properties> <properties>
<os-core-lib-ibm.version>0.7.1</os-core-lib-ibm.version> <os-core-lib-ibm.version>0.7.1</os-core-lib-ibm.version>
<start-class>org.opengroup.osdu.search.provider.ibm.app.SearchIBMApplication</start-class> <start-class>org.opengroup.osdu.search.provider.ibm.app.SearchIBMApplication</start-class>
<osdu.oscorecommon.version>0.8.0-rc3</osdu.oscorecommon.version> <osdu.oscorecommon.version>0.9.0-rc4</osdu.oscorecommon.version>
</properties> </properties>
...@@ -88,6 +88,12 @@ ...@@ -88,6 +88,12 @@
<dependency> <dependency>
<groupId>org.elasticsearch</groupId> <groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId> <artifactId>elasticsearch</artifactId>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-cbor</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.elasticsearch.client</groupId> <groupId>org.elasticsearch.client</groupId>
......
...@@ -33,7 +33,7 @@ ...@@ -33,7 +33,7 @@
<dependency> <dependency>
<groupId>org.opengroup.osdu</groupId> <groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId> <artifactId>os-core-common</artifactId>
<version>0.8.0-rc3</version> <version>0.9.0-rc4</version>
</dependency> </dependency>
<dependency> <dependency>
......
...@@ -36,7 +36,6 @@ ...@@ -36,7 +36,6 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<failOnMissingWebXml>false</failOnMissingWebXml> <failOnMissingWebXml>false</failOnMissingWebXml>
<project.main.basedir>${project.basedir}</project.main.basedir> <project.main.basedir>${project.basedir}</project.main.basedir>
<tomcat-embed-core.version>9.0.37</tomcat-embed-core.version>
<nimbus-jose-jwt.version>9.1.2</nimbus-jose-jwt.version> <nimbus-jose-jwt.version>9.1.2</nimbus-jose-jwt.version>
<elasticsearch.version>7.8.1</elasticsearch.version> <elasticsearch.version>7.8.1</elasticsearch.version>
</properties> </properties>
...@@ -183,6 +182,12 @@ ...@@ -183,6 +182,12 @@
<groupId>org.elasticsearch</groupId> <groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId> <artifactId>elasticsearch</artifactId>
<version>${elasticsearch.version}</version> <version>${elasticsearch.version}</version>
<exclusions>
<exclusion>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-cbor</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.elasticsearch.client</groupId> <groupId>org.elasticsearch.client</groupId>
...@@ -242,11 +247,6 @@ ...@@ -242,11 +247,6 @@
</exclusion> </exclusion>
</exclusions> </exclusions>
</dependency> </dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>${tomcat-embed-core.version}</version>
</dependency>
<dependency> <dependency>
<groupId>io.springfox</groupId> <groupId>io.springfox</groupId>
<artifactId>springfox-core</artifactId> <artifactId>springfox-core</artifactId>
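Review bot: Removing this module's own `tomcat-embed-core` property and dependency moves the override to the root pom, which pins only `tomcat-embed-core` at 9.0.45 and declares it in the project-level `<dependencies>`, so every module inherits it at compile scope. The NOTICE hunks still list `tomcat-embed-el` and `tomcat-embed-websocket`, which presumably remain on the version the Spring Boot dependency management selects, leaving Tomcat artifacts at mixed versions and the older ones without the fixes this commit is after. Prefer overriding the managed version for all three in `<dependencyManagement>`. If the build inherits from `spring-boot-starter-parent`, a single `<tomcat.version>9.0.45</tomcat.version>` property does this. The enclosing `<dependencies>` element starts outside this hunk, so confirm which modules actually need the embedded container.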
......
...@@ -25,7 +25,7 @@ ...@@ -25,7 +25,7 @@
<dependency> <dependency>
<groupId>org.opengroup.osdu</groupId> <groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId> <artifactId>os-core-common</artifactId>
<version>0.0.18</version> <version>0.9.0-rc4</version>
</dependency> </dependency>
<dependency> <dependency>
......