[MS-43811] remediate tomcat vulnerability

60ceb7b8 · VidyaDharani Lokam · 79f0cb6c · 60ceb7b8 · 60ceb7b8 · 60ceb7b8
Commit 60ceb7b8 authored 8 months ago by VidyaDharani Lokam
--- a/NOTICE
+++ b/NOTICE
@@ -466,6 +466,7 @@ LGPL-2.1-only
 The following software have components provided under the terms of this license:

 - Java Native Access Platform (from https://github.com/java-native-access/jna)
+- Javassist (from http://www.javassist.org/, https://www.javassist.org/)
 - Logback Classic Module (from http://logback.qos.ch, https://repo1.maven.org/maven2/ch/qos/logback/logback-classic)
 - Logback Contrib :: JSON :: Classic (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-json-classic)
 - Logback Contrib :: JSON :: Core (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-json-core)
@@ -552,13 +553,6 @@ The following software have components provided under the terms of this license:
 - msal4j (from https://github.com/AzureAD/microsoft-authentication-library-for-java)
 - msal4j-persistence-extension (from https://github.com/AzureAD/microsoft-authentication-extensions-for-java, https://github.com/AzureAD/microsoft-authentication-library-for-java)

-========================================================================
-MPL-1.1
-========================================================================
-The following software have components provided under the terms of this license:
-
- Javassist (from http://www.javassist.org/, https://www.javassist.org/)
-
 ========================================================================
 SAX-PD
 ========================================================================

--- a/pom.xml
+++ b/pom.xml
@@ -14,6 +14,9 @@
        <lucene.version>8.0.0</lucene.version>
        <log4j.version>2.17.1</log4j.version>
        <json-smart.version>2.5.0</json-smart.version>
+        <spring-boot.version>3.3.1</spring-boot.version>
+        <spring-security.version>6.3.1</spring-security.version>
+        <spring-framework.version>6.1.10</spring-framework.version>
    </properties>

    <licenses>
@@ -59,6 +62,25 @@
    </distributionManagement>
    <dependencyManagement>
        <dependencies>
+            <dependency>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-dependencies</artifactId>
+                <version>${spring-boot.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-framework-bom</artifactId>
+                <version>${spring-framework.version}</version>
+                <type>pom</type>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-bom</artifactId>
+                <version>${spring-security.version}</version>
+                <type>pom</type>
+            </dependency>
            <dependency>
                <groupId>org.yaml</groupId>
                <artifactId>snakeyaml</artifactId>

--- a/provider/unit-azure/unit-aks/pom.xml
+++ b/provider/unit-azure/unit-aks/pom.xml
@@ -27,9 +27,6 @@
        <maven.compiler.source>17</maven.compiler.source>
        <maven.compiler.target>17</maven.compiler.target>
        <core-lib-azure-spring6.version>0.27.0-rc2</core-lib-azure-spring6.version>
-        <jackson-databind.version>2.14.0</jackson-databind.version>
-        <jackson.version>2.13.2</jackson.version>
-        <reactor-netty-http.version>1.1.14</reactor-netty-http.version>
    </properties>

    <dependencies>
@@ -58,27 +55,7 @@
        <dependency>
            <groupId>com.azure.spring</groupId>
            <artifactId>spring-cloud-azure-starter-active-directory</artifactId>
-            <version>5.12.0</version>
-        </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-core</artifactId>
-            <version>${jackson.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-databind</artifactId>
-            <version>${jackson-databind.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-annotations</artifactId>
-            <version>${jackson.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>io.projectreactor.netty</groupId>
-            <artifactId>reactor-netty-http</artifactId>
-            <version>${reactor-netty-http.version}</version>
+            <version>5.13.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.tomcat.embed</groupId>