From d132f759a96ed112542c2d26cca47e5f3f084811 Mon Sep 17 00:00:00 2001
From: Thulasi Dass Subramanian <thulasi_dass_subramanian@epam.com>
Date: Tue, 20 Aug 2024 05:14:36 +0000
Subject: [PATCH] [#MS44899] Remediate redisson vulnerability

---
 NOTICE                        |  2 +-
 provider/search-azure/pom.xml | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/NOTICE b/NOTICE
index 594399cc9..4f53e0ae6 100644
--- a/NOTICE
+++ b/NOTICE
@@ -74,7 +74,7 @@ The following software have components provided under the terms of this license:
 - Byte Buddy (without dependencies) (from https://repo1.maven.org/maven2/net/bytebuddy/byte-buddy)
 - Byte Buddy Java agent (from https://repo1.maven.org/maven2/net/bytebuddy/byte-buddy-agent)
 - ClassMate (from http://github.com/cowtowncoder/java-classmate)
-- Cloud Key Management Service (KMS) API (from https://repo1.maven.org/maven2/com/google/apis/google-api-services-cloudkms)
+- Cloud Key Management Service (KMS) API v1-rev20240801-2.0.0 (from https://repo1.maven.org/maven2/com/google/apis/google-api-services-cloudkms)
 - Collections (from https://repo1.maven.org/maven2/commons-collections/commons-collections)
 - Commons Digester (from http://commons.apache.org/digester/)
 - Converter: Jackson (from https://github.com/square/retrofit, https://repo1.maven.org/maven2/com/squareup/retrofit2/converter-jackson)
diff --git a/provider/search-azure/pom.xml b/provider/search-azure/pom.xml
index 53db57eb4..043a08e9c 100644
--- a/provider/search-azure/pom.xml
+++ b/provider/search-azure/pom.xml
@@ -111,6 +111,12 @@
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>core-lib-azure-spring6</artifactId>
             <version>${core-lib-azure-spring6.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.redisson</groupId>
+                    <artifactId>redisson</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -168,6 +174,11 @@
             <artifactId>spring-boot-configuration-processor</artifactId>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>org.redisson</groupId>
+            <artifactId>redisson</artifactId>
+            <version>3.33.0</version>
+        </dependency>
 
         <dependency>
             <groupId>io.micrometer</groupId>
-- 
GitLab