Merge branch 'vulnerability-fix-ibm-indexer-service' into 'master'

Vulnerability fix ibm indexer service See merge request !445

Merge branch 'vulnerability-fix-ibm-indexer-service' into 'master'
10b0860c · Brindaban Das · 70064a38 · 1b5bce94 · 10b0860c · 10b0860c
Commit 10b0860c authored 2 years ago by Brindaban Das
--- a/NOTICE
+++ b/NOTICE
@@ -747,6 +747,7 @@ The following software have components provided under the terms of this license:
 - Google APIs Client Library for Java (from https://repo1.maven.org/maven2/com/google/api-client/google-api-client)
 - Google Auth Library for Java - Credentials (from https://repo1.maven.org/maven2/com/google/auth/google-auth-library-credentials)
 - Google Auth Library for Java - OAuth2 HTTP (from https://repo1.maven.org/maven2/com/google/auth/google-auth-library-oauth2-http)
+- Google OAuth Client Library for Java (from https://repo1.maven.org/maven2/com/google/oauth-client/google-oauth-client)
 - HK2 Implementation Utilities (from https://repo1.maven.org/maven2/org/glassfish/hk2/hk2-utils)
 - HK2 core module (from https://repo1.maven.org/maven2/org/glassfish/hk2/hk2-core)
 - Hamcrest (from http://hamcrest.org/JavaHamcrest/)

--- a/indexer-core/pom.xml
+++ b/indexer-core/pom.xml
@@ -19,8 +19,8 @@
 		<spring-security-web.version>5.4.9</spring-security-web.version>
 		<gson.version>2.9.1</gson.version>
 		<netty.version>4.1.70.Final</netty.version>
-		<jackson-databind.version>2.13.4</jackson-databind.version>
-		<jackson.version>2.13.2</jackson.version>
+		<jackson-databind.version>2.13.4.2</jackson-databind.version>
+		<jackson.version>2.13.4</jackson.version>
 		<spring-webmvc.version>5.3.22</spring-webmvc.version>
 	</properties>

@@ -244,7 +244,11 @@
 			<version>3.0.16</version>
 			<scope>test</scope>
 		</dependency>
-
+		<dependency>
+			<groupId>org.apache.tomcat.embed</groupId>
+			<artifactId>tomcat-embed-core</artifactId>
+			<version>9.0.68</version>
+		</dependency>
 	</dependencies>

 	<build>

--- a/pom.xml
+++ b/pom.xml
@@ -16,9 +16,9 @@
        <os-core-common.version>0.16.1</os-core-common.version>
        <snakeyaml.version>1.33</snakeyaml.version>
        <hibernate-validator.version>6.1.5.Final</hibernate-validator.version>
-        <jackson-databind.version>2.13.4</jackson-databind.version>
-        <jackson.version>2.13.2</jackson.version>
-        <tomcat-embed-core.version>9.0.67</tomcat-embed-core.version>
+        <jackson-databind.version>2.13.4.2</jackson-databind.version>
+        <jackson.version>2.13.4</jackson.version>
+        <tomcat-embed-core.version>9.0.68</tomcat-embed-core.version>
        <common-codec.version>1.14</common-codec.version>
        <elasticsearch.version>7.8.1</elasticsearch.version>
        <netty.version>4.1.51.Final</netty.version>

--- a/provider/indexer-ibm/pom.xml
+++ b/provider/indexer-ibm/pom.xml
@@ -31,11 +31,11 @@
    <packaging>jar</packaging>
 	
 	<properties>
-		<tomcat.embed.core.version>9.0.67</tomcat.embed.core.version>
+		<tomcat.embed.core.version>9.0.68</tomcat.embed.core.version>
        <os-core-lib-ibm.version>0.16.0-rc1</os-core-lib-ibm.version>
        <spring-webmvc.version>5.3.22</spring-webmvc.version>
-        <jackson-databind.version>2.13.2.2</jackson-databind.version>
-        <jackson.version>2.13.2</jackson.version>
+        <jackson-databind.version>2.13.4.2</jackson-databind.version>
+        <jackson.version>2.13.4</jackson.version>
    </properties>
 	
 	<profiles>