OS Core Common - Spring 5 merge requests
https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests
2023-08-18T13:07:08Z

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/137
fix fossa to get new RC package
2023-08-18T13:07:08Z
Neelesh Thakur

M10 - Release 0.13

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/136
remove Elasticsearch dependency from os-core-common
2022-09-16T08:08:16Z
Neelesh Thakur

Remove Elasticsearch dependency from os-core-common. All services consuming os-core-common inherit Elasticsearch dependencies even though only the Search and Indexer services are consumers of these.
Two interfaces defined in os-core-common are implemented only by the Indexer service, and they can be safely moved to the Indexer service.
Related Indexer service MR: [261](https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/261)

M10 - Release 0.13

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/135
Added methods to increment and decrement key values for RedisCache with redis atomic methods
2023-08-18T13:07:10Z
Aalekh Jain

The following methods are added in `RedisCache` class
```java
public Long increment(K key);
public Long incrementBy(K key, long amount);
public Long decrement(K key);
public Long decrementBy(K key, long amount);
```
This allows for using the atomic methods to increment/decrement a key present in redis cache. This is used in order to prevent race conditions while updating the integer value of a key present in redis cache.
Without these methods, the flow for incrementing/decrementing the value would usually be something like -
```java
Integer value = redisCache.get(key);
redisCache.put(key, value + amount);
```
Note that this will result in race conditions when multiple increments/decrements take place.
One such scenario is encountered in the workflow ingestion service in the following MR: https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/199, hence these methods are needed.
cc: @kibattul, @vineethguna, @harshit283

M10 - Release 0.13

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/134
Cherry pick log4j 2.17 changes into release/0.12
2022-12-22T23:56:37Z
David Diederich (d.diederich@opengroup.org)

Original MR: !133
(cherry picked from commit 0cd70a2c545796b6c905d58620f4aee50c379abb)
Part of the #55 series

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/133
Upgrade log4j to 2.17
2023-08-18T13:07:12Z
Alok Joshi

Upgrading log4j dependency to latest version, 2.16 version has a security vulnerability
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-bom/2.16.0
Part of the #55 series

M10 - Release 0.13

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/131
Cherry-pick 'Updating log4j to 2.16 to address CVE-2021-45046'
2022-12-22T23:56:45Z
David Diederich (d.diederich@opengroup.org)

Original MR: !130
(cherry picked from commit 896b45d2a5239e38845b56b7e584c10e0a8e6f15)
Part of the #54 series

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/130
Update log4j again
2023-08-18T13:07:13Z
David Diederich (d.diederich@opengroup.org)

Updating log4j to 2.16 to address [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046)
Part of the #54 series

M10 - Release 0.13

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/129
Cherry Pick 'Upgrade vulnerable dependencies according to WhiteSource alerts'
2022-12-22T23:56:50Z
David Diederich (d.diederich@opengroup.org)

Original MR: !128
(cherry picked from commit 0cd70a2c545796b6c905d58620f4aee50c379abb)
Part of the #54 series

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/128
Upgrade vulnerable dependencies according to WhiteSource alerts
2023-08-18T13:07:15Z
Dmitrii Gerashchenko

A new critical vulnerability (CVE-2021-44228) has been exposed, which can lead to arbitrary code execution.
Log4j lib: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/issues/52
Part of the #54 series

M10 - Release 0.13

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/126
Upgrade vulnerable dependencies according to WhiteSource alerts
2023-08-18T13:07:17Z
Dmitrii Gerashchenko

**Issue:** https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/issues/52
**WhiteSource's Security vulnerabilities list contains alerts:**
* spring-web-5.3.6.jar
* netty-codec-4.1.63.Final.jar
* netty-codec-4.1.63.Final.jar
* spring-security-oauth2-client-5.4.6.jar
* netty-all-4.1.63.Final.jar
* netty-handler-4.1.63.Final.jar
* gson-2.8.5.jar
* json-smart-2.4.2.jar
---
**Alerts descriptions:**
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-22118
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-37136
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-37137
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-22119
- https://github.com/netty/netty/issues/10362
- https://github.com/google/gson/pull/1991
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-31684
---
**Updates:**
- spring-boot.version: 2.4.[-5-] -> 2.4.[+12+]
- netty-bom.version: 4.1.[-63-].Final -> 4.1.[+70+].Final
- json-smart.version: 2.4.[+7+]
- gson.version: 2.8.[-5-] -> 2.8.[+9+]
---
**Successful pipeline:** https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/pipelines/77632
**Related MRs:**
- **os-core-lib-azure:** https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/165
- Successful pipeline: https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/pipelines/78303
- **entitlements:** https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/149
- Successful pipeline: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/pipelines/78617
- **partition:** https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/117
- Successful pipeline: https://community.opengroup.org/osdu/platform/system/partition/-/pipelines/78619
- **unit-service:** https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/merge_requests/115
- Successful pipeline: https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/pipelines/78626
- **crs-conversion-service:** https://community.opengroup.org/osdu/platform/system/reference/crs-conversion-service/-/merge_requests/90
- Successful pipeline: https://community.opengroup.org/osdu/platform/system/reference/crs-conversion-service/-/pipelines/78526
- **crs-catalog-service:** https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/78
- Successful pipeline: https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/pipelines/78351

M10 - Release 0.13

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/125
Kind update
2022-09-16T08:15:37Z
Alok Joshi

Support for kind update event. Refer to this [ADR](https://community.opengroup.org/osdu/platform/system/home/-/issues/81)

M11 - Release 0.14

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/123
update legal validation for parent record id according to new requirements
2023-08-18T13:07:18Z
Yauheni Lesnikau

Issue: https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/issues/51

M10 - Release 0.13

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/122
models for schema service events
2023-08-18T13:07:20Z
Neelesh Thakur

Issue: [41](https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/41)

M10 - Release 0.13

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/121
fix fossa NOTICE -- for getting latest rc package
2023-08-18T13:07:22Z
Neelesh Thakur

M9 - Release 0.12

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/120
fix fossa NOTICE to get latest rc package
2023-08-18T13:07:23Z
Neelesh Thakur

M9 - Release 0.12

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/119
Sanitize untrusted text before using in Hibernate
2022-09-16T08:33:16Z
Robert Chadwick [Schlumberger]

Escape untrusted text so a malicious user is unable to trigger remote code execution exploits by sending special text within the JSON body.
Hibernate will interpolate text surrounded by `${}` which can include arbitrary Java. Untrusted data must be escaped to prevent these values from being interpolated during the call to `ConstraintValidatorContext.buildConstraintViolationWithTemplate()`.
Linked Gitlab issue: https://community.opengroup.org/osdu/platform/system/home/-/issues/90

M9 - Release 0.12

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/117
include null in query response
2023-08-18T13:07:25Z
Neelesh Thakur

Related Indexer MR and Issue: [197](https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/197)

M9 - Release 0.12

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/116
Validation error on patch endpoint for Storage Service reveals stack trace info
2023-08-18T13:07:26Z
Spencer Sutton (suttonsp@amazon.com)

Below image shows improper result:
![image](/uploads/717077f4381930ef43e18b1fc9b0c8ff/image.png)
This is because corresponding validator is missing a null check which I've added in this MR

M9 - Release 0.12

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/115
Added a generic object named "additionalProperties" to be stored with status info to store any related information
2023-08-18T13:07:28Z
Pramesh Patil

Issue - https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/issues/50

M9 - Release 0.12

https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/113
remove deprecated search API from client lib
2023-08-18T13:07:29Z
Neelesh Thakur

Remove deprecated/legacy Search Service API from client lib. These endpoints do not exist in OSDU Search Service.

M8 - Release 0.11