diff --git a/notification-core/pom.xml b/notification-core/pom.xml
index 4fadc3d8619a364904fc97fca963b1972f4dd284..de0485a83f4b62ab52d668ba42b6c852574b6b09 100644
--- a/notification-core/pom.xml
+++ b/notification-core/pom.xml
@@ -36,6 +36,8 @@
 <maven.compiler.target>${java.version}</maven.compiler.target>
 <maven.compiler.source>${java.version}</maven.compiler.source>
 <springfox-version>2.7.0</springfox-version>
+ <netty.version>4.1.65.Final</netty.version>
+ <undertow.version>2.1.7.Final</undertow.version>
 </properties>
 <dependencies>
@@ -131,11 +133,6 @@
 </exclusion>
 </exclusions>
 </dependency>
- <dependency>
- <groupId>io.undertow</groupId>
- <artifactId>undertow-core</artifactId>
- <version>2.0.27.Final</version>
- </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-validation</artifactId>
@@ -215,6 +212,83 @@
 <artifactId>spring-test</artifactId>
 <scope>test</scope>
 </dependency>
+
+ <!-- overriding packages with known vulnerabilities -->
+ <!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Anetty&cpe_product=cpe%3A%2F%3Anetty%3Anetty&cpe_version=cpe%3A%2F%3Anetty%3Anetty%3A4.1.38-->
+ <!-- See: https://ossindex.sonatype.org/component/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.6-->
+ <!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aredhat&cpe_product=cpe%3A%2F%3Aredhat%3Aundertow&cpe_version=cpe%3A%2F%3Aredhat%3Aundertow%3A2.0.23-->
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-transport</artifactId>
+ <version>${netty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-transport-native-unix-common</artifactId>
+ <version>${netty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-codec</artifactId>
+ <version>${netty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ <version>${netty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ <version>${netty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-resolver</artifactId>
+ <version>${netty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-handler</artifactId>
+ <version>${netty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-codec-http</artifactId>
+ <version>${netty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-codec-http2</artifactId>
+ <version>${netty.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-transport-native-epoll</artifactId>
+ <version>${netty.version}</version>
+ <classifier>linux-x86_64</classifier>
+ <type>jar</type>
+ </dependency>
+ <dependency>
+ <groupId>com.google.oauth-client</groupId>
+ <artifactId>google-oauth-client</artifactId>
+ <version>1.31.5</version>
+ </dependency>
+ <dependency>
+ <groupId>io.undertow</groupId>
+ <artifactId>undertow-core</artifactId>
+ <version>${undertow.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.undertow</groupId>
+ <artifactId>undertow-servlet</artifactId>
+ <version>${undertow.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.undertow</groupId>
+ <artifactId>undertow-websockets-jsr</artifactId>
+ <version>${undertow.version}</version>
+ </dependency>
 </dependencies>
 <build>
 <plugins>
diff --git a/pom.xml b/pom.xml
index 66dac6053767ca9c32d9b671520c8289db2ca89e..7a67658e4c648be6461871698f165ee2478bced4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,7 +43,7 @@
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-dependencies</artifactId>
- <version>2.1.7.RELEASE</version>
+ <version>2.1.18.RELEASE</version>
 <type>pom</type>
 <scope>import</scope>
 </dependency>
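Review bot: The vulnerability overrides appended to `<dependencies>` in notification-core/pom.xml are direct dependencies, so ten Netty artifacts, google-oauth-client and three Undertow artifacts are now put on this module's classpath whether or not anything pulled them in before; `netty-transport-native-epoll` with `<classifier>linux-x86_64</classifier>` is the clearest case of a jar that is now shipped unconditionally. Pinning the versions under `<dependencyManagement>` instead (for Netty, by importing `io.netty:netty-bom` at `${netty.version}` with `<type>pom</type>` and `<scope>import</scope>`) would raise whatever is resolved transitively without adding new jars to scan and patch. `undertow.version` also moves from the 2.0.x line of the removed `undertow-core` pin to 2.1.7.Final, which is presumably outside what the Boot 2.1.x starters were tested with, so a startup smoke test is worth running before merge.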
@@ -53,6 +53,19 @@
 <artifactId>os-core-common</artifactId>
 <version>${os-core-common.version}</version>
 </dependency>
+
+ <!-- overriding packages with known vulnerabilities -->
+ <!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.9.9-->
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>2.12.3</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.12.3</version>
+ </dependency>
 </dependencies>
 </dependencyManagement>
diff --git a/provider/notification-aws/maven/settings.xml b/provider/notification-aws/maven/settings.xml
index 3dbde15f47c27d083537fa2f0b280f97f9aa54b5..1bfc43ac96aafb6790498c6f0acef3ca0818a98f 100644
--- a/provider/notification-aws/maven/settings.xml
+++ b/provider/notification-aws/maven/settings.xml
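Review bot: In the root pom.xml `<dependencyManagement>` hunk only `jackson-core` and `jackson-databind` are pinned to 2.12.3, which leaves `jackson-annotations` and the `jackson-datatype-*` / `jackson-module-*` artifacts at whatever the imported `spring-boot-dependencies` BOM manages (presumably a 2.9.x line, going by the 2.9.9 CPE cited in the comment). A databind that is several minor versions ahead of its annotations and modules tends to fail at runtime with linkage errors rather than at build time. Importing `com.fasterxml.jackson:jackson-bom` at 2.12.3 ahead of the Spring Boot BOM would move the whole family together; failing that, add a `jackson-annotations` entry at the same version and hoist `2.12.3` into a single property so the entries cannot drift apart.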
@@ -1,18 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
- Copyright © 2020 Amazon Web Services
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.​
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
 -->
 <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
@@ -63,15 +64,14 @@
 </server>
 </servers>
- <!-- CodeArtifact doesn't support external repos yet that aren't Maven Central. ETA Q4 2020. -->
- <!-- <mirrors> -->
- <!-- <mirror> -->
- <!-- <id>aws-osdu-dev-maven</id> -->
- <!-- <name>aws-osdu-dev-maven</name> -->
- <!-- <url>https://osdu-dev-888733619319.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url> -->
- <!-- <mirrorOf>*,!gitlab-os-core-common-maven</mirrorOf> -->
- <!-- </mirror> -->
- <!-- </mirrors> -->
+ <mirrors>
+ <mirror>
+ <id>aws-osdu-dev-maven</id>
+ <name>aws-osdu-dev-maven</name>
+ <url>https://osdu-dev-${AWS_ACCOUNT_ID}.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url>
+ <mirrorOf>central,!gitlab-os-core-common-maven,!gitlab-os-core-lib-aws-maven</mirrorOf>
+ </mirror>
+ </mirrors>
 <activeProfiles>
 <activeProfile>credentialsConfiguration</activeProfile>
diff --git a/provider/notification-aws/pom.xml b/provider/notification-aws/pom.xml
index 677d2b4c46862ce406706553a27b0d2a0330912a..f2cf1a2f137b69bb68b806b59c8c70bc94eebcd1 100644
--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
@@ -39,16 +39,10 @@
 </properties>
 <dependencies>
- <!-- <dependency>
- <groupId>org.opengroup.osdu</groupId>
- <artifactId>os-core-common</artifactId>
- </dependency> -->
-
-
 <dependency>
 <groupId>org.opengroup.osdu.core.aws</groupId>
 <artifactId>os-core-lib-aws</artifactId>
- <version>0.9.0</version>
+ <version>0.10.0-SNAPSHOT</version>
 </dependency>
 <!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->
@@ -94,6 +88,7 @@
 <version>4.12</version>
 <scope>test</scope>
 </dependency>
+
 </dependencies>
 <build>
diff --git a/provider/notification-aws/src/main/resources/application.properties b/provider/notification-aws/src/main/resources/application.properties
index 704966d16d904a03b2c712057b97a0772d96bdac..b524fa658546350df74cca9f56401ef12e179289 100644
--- a/provider/notification-aws/src/main/resources/application.properties
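Review bot: In the new `<mirror>` block of provider/notification-aws/maven/settings.xml, `${AWS_ACCOUNT_ID}` is not in the `${env.NAME}` form settings.xml uses for environment variables, so unless the build passes it as a `-D` system property the URL keeps the literal placeholder and resolution fails; `<url>https://osdu-dev-${env.AWS_ACCOUNT_ID}.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url>` is probably what is meant. The two `!gitlab-...` entries in `<mirrorOf>` have no effect next to an explicit `central`, because exclusions only subtract from wildcard matches such as `*` or `external:*`, so `<mirrorOf>central</mirrorOf>` says the same thing. Narrowing the old `*` to `central` also means every other repository a POM declares is contacted directly rather than through CodeArtifact, and a one-line comment stating that this is intended would help whoever audits where artifacts come from.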
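Review bot: `os-core-lib-aws` moves from the released `0.9.0` to `0.10.0-SNAPSHOT` in the first hunk of provider/notification-aws/pom.xml, and a SNAPSHOT is a mutable coordinate. The same commit can therefore resolve to different bytes on different days, which undermines reproducible builds and any later check of what was actually shipped. If the snapshot is only needed while the library change is in flight, mark it with a comment such as `<!-- TODO: pin os-core-lib-aws to a released version before tagging -->` so it is not carried into a release build.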
+++ b/provider/notification-aws/src/main/resources/application.properties
@@ -48,3 +48,5 @@ server.ssl.key-store=${SSL_KEY_STORE_PATH:/certs/osduonaws.p12}
 server.ssl.key-alias=${SSL_KEY_ALIAS:osduonaws}
 server.ssl.key-password=${SSL_KEY_PASSWORD:}
 server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
\ No newline at end of file
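Review bot: The added `spring.autoconfigure.exclude` line names `org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration`, which is the Boot 1.x location of that class. If this module runs on the 2.1.x line the root pom imports, the class lives at `org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration`, and an exclude that names a class absent from the classpath is ignored without an error, so the line may do nothing. Once it does take effect, it removes Spring Security's default filter chain, and nothing in the hunk says what authenticates requests instead. A comment above the property such as `# Spring Security auto-config excluded; request authorization is enforced by <component name>` would stop the exclusion being copied into a deployment that lacks that component.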