Merge branch 'lobtimo-cve-fix' into 'master'

Resolve spring and netty CVE See merge request !721

Merge branch 'lobtimo-cve-fix' into 'master'
456d1fa0 · Timothy Lobl · 2ca84d70 · 183005f2 · 456d1fa0 · 456d1fa0
Commit 456d1fa0 authored 4 months ago by Timothy Lobl
--- a/NOTICE
+++ b/NOTICE
@@ -192,7 +192,7 @@ The following software have components provided under the terms of this license:
 - RESTEasy JAX-RS Implementation (from https://repo1.maven.org/maven2/org/jboss/resteasy/resteasy-jaxrs)
 - RESTEasy JAX-RS services (from https://repo1.maven.org/maven2/org/jboss/resteasy/resteasy-jaxrs-services)
 - RESTEasy Jackson 2 Provider (from https://repo1.maven.org/maven2/org/jboss/resteasy/resteasy-jackson2-provider)
- Redisson (from http://redisson.org)
+- Redisson (from http://redisson.org, https://redisson.pro)
 - Retrofit (from https://github.com/square/retrofit, https://repo1.maven.org/maven2/com/squareup/retrofit2/retrofit)
 - RxJava (from https://github.com/ReactiveX/RxJava)
 - Shaded Protobuf (from https://repo1.maven.org/maven2/io/prometheus/prometheus-metrics-shaded-protobuf)
@@ -377,7 +377,7 @@ The following software have components provided under the terms of this license:
 - Protocol Buffer Java API (from http://code.google.com/p/protobuf, https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java)
 - Protocol Buffers [Util] (from https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java-util)
 - RE2/J (from http://github.com/google/re2j)
- Redisson (from http://redisson.org)
+- Redisson (from http://redisson.org, https://redisson.pro)
 - ReflectASM (from https://github.com/EsotericSoftware/reflectasm)
 - ServiceLocator Default Implementation (from https://repo1.maven.org/maven2/org/glassfish/hk2/hk2-locator)
 - Shaded Protobuf (from https://repo1.maven.org/maven2/io/prometheus/prometheus-metrics-shaded-protobuf)
@@ -426,7 +426,7 @@ The following software have components provided under the terms of this license:
 - Hibernate Validator (from https://hibernate.org/validator, https://repo1.maven.org/maven2/org/hibernate/hibernate-validator, https://repo1.maven.org/maven2/org/hibernate/validator/hibernate-validator)
 - LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
 - Netty/Common (from https://repo1.maven.org/maven2/io/netty/netty-common)
- Redisson (from http://redisson.org)
+- Redisson (from http://redisson.org, https://redisson.pro)
 - jersey-container-servlet (from https://repo1.maven.org/maven2/org/glassfish/jersey/containers/jersey-container-servlet)
 - jersey-container-servlet-core (from https://repo1.maven.org/maven2/org/glassfish/jersey/containers/jersey-container-servlet-core)
 - jersey-core-client (from https://repo1.maven.org/maven2/org/glassfish/jersey/core/jersey-client)

--- a/pom.xml
+++ b/pom.xml
@@ -40,12 +40,12 @@
        <commons-compress.version>1.21</commons-compress.version>
        <osdu.oscorecommon.version>2.0.0</osdu.oscorecommon.version>
        <spring-framework-version>6.1.13</spring-framework-version>
-        <spring-security.version>6.3.1</spring-security.version>
+        <spring-security.version>6.3.4</spring-security.version>
        <openapi.version>2.5.0</openapi.version>
        <json-smart.version>2.5.0</json-smart.version>
        <mockito-core.version>5.12.0</mockito-core.version>
        <mockito-inline.version>5.2.0</mockito-inline.version>
-        <spring-boot.version>3.3.1</spring-boot.version>
+        <spring-boot.version>3.3.5</spring-boot.version>
    </properties>

    <licenses>

--- a/provider/search-aws/pom.xml
+++ b/provider/search-aws/pom.xml
@@ -109,6 +109,11 @@
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
        </dependency>
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-common</artifactId>
+            <version>4.1.115.Final</version>
+        </dependency>

        <!-- Testing packages -->
        <dependency>