From 1b5bce94671eeb6948abeffe5ee551c2e1e119fe Mon Sep 17 00:00:00 2001
From: Pintu Gupta <pintu.gupta@ibm.com>
Date: Mon, 26 Dec 2022 03:58:43 +0000
Subject: [PATCH] Vulnerability fix ibm indexer service
---
NOTICE | 1 +
indexer-core/pom.xml | 10 +++++++---
pom.xml | 6 +++---
provider/indexer-ibm/pom.xml | 6 +++---
4 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/NOTICE b/NOTICE
index a9185f05b..85c36a670 100644
--- a/NOTICE
+++ b/NOTICE
@@ -747,6 +747,7 @@ The following software have components provided under the terms of this license:
- Google APIs Client Library for Java (from https://repo1.maven.org/maven2/com/google/api-client/google-api-client)
- Google Auth Library for Java - Credentials (from https://repo1.maven.org/maven2/com/google/auth/google-auth-library-credentials)
- Google Auth Library for Java - OAuth2 HTTP (from https://repo1.maven.org/maven2/com/google/auth/google-auth-library-oauth2-http)
+- Google OAuth Client Library for Java (from https://repo1.maven.org/maven2/com/google/oauth-client/google-oauth-client)
- HK2 Implementation Utilities (from https://repo1.maven.org/maven2/org/glassfish/hk2/hk2-utils)
- HK2 core module (from https://repo1.maven.org/maven2/org/glassfish/hk2/hk2-core)
- Hamcrest (from http://hamcrest.org/JavaHamcrest/)
diff --git a/indexer-core/pom.xml b/indexer-core/pom.xml
index 0fe20bad3..9274ccd28 100644
--- a/indexer-core/pom.xml
+++ b/indexer-core/pom.xml
@@ -19,8 +19,8 @@
<spring-security-web.version>5.4.9</spring-security-web.version>
<gson.version>2.9.1</gson.version>
<netty.version>4.1.70.Final</netty.version>
- <jackson-databind.version>2.13.4</jackson-databind.version>
- <jackson.version>2.13.2</jackson.version>
+ <jackson-databind.version>2.13.4.2</jackson-databind.version>
+ <jackson.version>2.13.4</jackson.version>
<spring-webmvc.version>5.3.22</spring-webmvc.version>
</properties>
@@ -244,7 +244,11 @@
<version>3.0.16</version>
<scope>test</scope>
</dependency>
-
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>9.0.68</version>
+ </dependency>
</dependencies>
<build>
diff --git a/pom.xml b/pom.xml
index 1eb8e2896..d763305b3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,9 +16,9 @@
<os-core-common.version>0.16.1</os-core-common.version>
<snakeyaml.version>1.33</snakeyaml.version>
<hibernate-validator.version>6.1.5.Final</hibernate-validator.version>
- <jackson-databind.version>2.13.4</jackson-databind.version>
- <jackson.version>2.13.2</jackson.version>
- <tomcat-embed-core.version>9.0.67</tomcat-embed-core.version>
+ <jackson-databind.version>2.13.4.2</jackson-databind.version>
+ <jackson.version>2.13.4</jackson.version>
+ <tomcat-embed-core.version>9.0.68</tomcat-embed-core.version>
<common-codec.version>1.14</common-codec.version>
<elasticsearch.version>7.8.1</elasticsearch.version>
<netty.version>4.1.51.Final</netty.version>
diff --git a/provider/indexer-ibm/pom.xml b/provider/indexer-ibm/pom.xml
index 06d94e558..b81755baf 100644
--- a/provider/indexer-ibm/pom.xml
+++ b/provider/indexer-ibm/pom.xml
@@ -31,11 +31,11 @@
<packaging>jar</packaging>
<properties>
- <tomcat.embed.core.version>9.0.67</tomcat.embed.core.version>
+ <tomcat.embed.core.version>9.0.68</tomcat.embed.core.version>
<os-core-lib-ibm.version>0.16.0-rc1</os-core-lib-ibm.version>
<spring-webmvc.version>5.3.22</spring-webmvc.version>
- <jackson-databind.version>2.13.2.2</jackson-databind.version>
- <jackson.version>2.13.2</jackson.version>
+ <jackson-databind.version>2.13.4.2</jackson-databind.version>
+ <jackson.version>2.13.4</jackson.version>
</properties>
<profiles>
--
GitLab