Skip to content
Snippets Groups Projects
Commit 52b7efb3 authored by Marc Burnie [AWS]'s avatar Marc Burnie [AWS]
Browse files

Merge branch 'aws-fix-cve' into 'master' 

Fixing tomcat DoS vulnerability on AWS

See merge request !487
parents 54e8225a 144693b3
No related branches found
No related tags found
1 merge request!487Fixing tomcat DoS vulnerability on AWS
Pipeline #276056 failed
Stage: build
Stage: coverage
Stage: containerize
Stage: scan
Stage: deploy
Stage: integration
Stage: publish
Hide whitespace changes
Inline Side-by-side
NOTICE
+ 0
35
View file @ 52b7efb3
......@@ -16,9 +16,6 @@ Apache-1.1
The following software have components provided under the terms of this license:
- AspectJ Weaver (from http://www.aspectj.org, https://www.eclipse.org/aspectj/)
- Microsoft Application Insights Java Agent (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- Proton-J (from https://repo1.maven.org/maven2/org/apache/qpid/proton-j)
========================================================================
......@@ -146,9 +143,6 @@ The following software have components provided under the terms of this license:
- Kotlin Stdlib Jdk8 (from <https://kotlinlang.org/>, https://kotlinlang.org/)
- Lucene Core (from https://repo1.maven.org/maven2/org/apache/lucene/lucene-core)
- Metrics Core (from https://repo1.maven.org/maven2/io/dropwizard/metrics/metrics-core)
- Microsoft Application Insights Java Agent (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure Netty HTTP Client Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure SDK for SQL API of Azure Cosmos DB Service (from https://github.com/Azure/azure-sdk-for-java)
......@@ -352,9 +346,6 @@ The following software have components provided under the terms of this license:
- Jakarta RESTful WS API (from https://github.com/eclipse-ee4j/jaxrs-api, https://repo1.maven.org/maven2/jakarta/ws/rs/jakarta.ws.rs-api)
- Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api, https://repo1.maven.org/maven2/org/jboss/spec/javax/xml/bind/jboss-jaxb-api_2.3_spec)
- Lucene Core (from https://repo1.maven.org/maven2/org/apache/lucene/lucene-core)
- Microsoft Application Insights Java Agent (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- Netty/Codec/HTTP (from https://repo1.maven.org/maven2/io/netty/netty-codec-http)
- Old JAXB Core (from <https://eclipse-ee4j.github.io/jaxb-ri/>, https://eclipse-ee4j.github.io/jaxb-ri/, https://repo1.maven.org/maven2/com/sun/xml/bind/jaxb-impl)
- PostgreSQL JDBC Driver
......@@ -367,15 +358,6 @@ The following software have components provided under the terms of this license:
- ThreeTen backport (from https://github.com/ThreeTen/threetenbp, https://www.threeten.org/threetenbp)
- jersey-core-common (from https://repo1.maven.org/maven2/org/glassfish/jersey/core/jersey-common)
========================================================================
Beerware
========================================================================
The following software have components provided under the terms of this license:
- Microsoft Application Insights Java Agent (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
========================================================================
BouncyCastle
========================================================================
......@@ -391,15 +373,6 @@ The following software have components provided under the terms of this license:
- FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
- MongoDB Java Driver (from http://mongodb.org/, http://www.mongodb.org, https://www.mongodb.com/)
========================================================================
CC-BY-4.0
========================================================================
The following software have components provided under the terms of this license:
- Microsoft Application Insights Java Agent (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
========================================================================
CC0-1.0
========================================================================
......@@ -460,9 +433,6 @@ The following software have components provided under the terms of this license:
- Logback Contrib :: JSON :: Core (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-json-core)
- Logback Contrib :: Jackson (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-jackson)
- Logback Core Module (from http://logback.qos.ch, https://repo1.maven.org/maven2/ch/qos/logback/logback-core)
- Microsoft Application Insights Java Agent (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- jsonoverlay (from https://github.com/RepreZen/JsonOverlay)
- openapi-parser (from https://github.com/RepreZen/KaiZen-OpenAPI-Parser)
......@@ -542,9 +512,6 @@ The following software have components provided under the terms of this license:
- Logback Contrib :: JSON :: Core (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-json-core)
- Logback Contrib :: Jackson (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-jackson)
- Logback Core Module (from http://logback.qos.ch, https://repo1.maven.org/maven2/ch/qos/logback/logback-core)
- Microsoft Application Insights Java Agent (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
========================================================================
LGPL-2.1-or-later
......@@ -575,8 +542,6 @@ The following software have components provided under the terms of this license:
- Java JWT (from http://www.jwt.io, https://github.com/auth0/java-jwt)
- Lucene Core (from https://repo1.maven.org/maven2/org/apache/lucene/lucene-core)
- Microsoft Application Insights Java Agent (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Java SDK Spring Boot starter (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Application Insights Log4j 2 Appender (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Azure Java Core AMQP Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure Java Core Library (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure Java JSON Library (from https://github.com/Azure/azure-sdk-for-java)
......
provider/register-aws/pom.xml
+ 7
2
View file @ 52b7efb3
......@@ -43,8 +43,8 @@
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common-spring6</artifactId>
<version>${os-core-common-spring6.version}</version>
<artifactId>os-core-common-spring6</artifactId>
<version>${os-core-common-spring6.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
......@@ -87,6 +87,11 @@
<artifactId>spring-web</artifactId>
<version>6.1.10</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>10.1.25</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment