BTB-47 Aktualisierung der Bibliotheken
diff --git a/pom.xml b/pom.xml
index 75a9bef..5b62261 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
<properties>
<skip.asciidoc>false</skip.asciidoc>
- <httpclient.version>4.5.3</httpclient.version>
+ <httpclient.version>4.5.13</httpclient.version>
<jersey-bundle.version>1.19.3</jersey-bundle.version>
<org.json.version>20160810</org.json.version>
<jersey.server.version>1.19.3</jersey.server.version>
@@ -25,10 +25,48 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<servlet-api>2.5</servlet-api>
<maven.test.skip>false</maven.test.skip>
- <jacoco-maven-plugin.version>0.7.9</jacoco-maven-plugin.version>
- <sonar-maven-plugin.version>3.0.2</sonar-maven-plugin.version>
- <hibernate-annotations.version>3.5.6-Final</hibernate-annotations.version>
+ <jacoco-maven-plugin.version>0.8.6</jacoco-maven-plugin.version>
+ <sonar-maven-plugin.version>3.2</sonar-maven-plugin.version>
+ <dependency-check-maven.version>6.1.5</dependency-check-maven.version>
+ <hibernate-core.version>5.4.30.Final</hibernate-core.version>
</properties>
+
+ <profiles>
+ <profile>
+ <id>local-fast-build</id>
+ <properties>
+ <skip.asciidoc>true</skip.asciidoc>
+ <maven.test.skip>true</maven.test.skip>
+ </properties>
+ </profile>
+ <profile>
+ <id>securitycheck</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${dependency-check-maven.version}</version>
+ <configuration>
+ <skipProvidedScope>true</skipProvidedScope>
+ <skipRuntimeScope>true</skipRuntimeScope>
+ <failBuildOnCVSS>7</failBuildOnCVSS>
+ <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
+ <suppressionFiles>${basedir}/securitycheck/suppressed.xml</suppressionFiles>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
<dependencies>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
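Review bot: `<skipRuntimeScope>true</skipRuntimeScope>` in the dependency-check configuration excludes every runtime-scoped artifact from the scan, yet those jars are packaged into the WAR and are exactly the ones reachable by an attacker; only `skipProvidedScope` is defensible here, for container-supplied jars such as the servlet API. Change it to `<skipRuntimeScope>false</skipRuntimeScope>` (or drop the element, since false is the default). The check also lives in an opt-in profile, so it runs only when someone passes `-Psecuritycheck`; make sure the CI pipeline invokes `mvn -Psecuritycheck verify` on every build, otherwise `failBuildOnCVSS` never gates anything. Note too that the threshold of 7 means medium-severity findings are reported but never fail the build, which is a policy choice worth recording in a comment next to the element, e.g. `<!-- fail only on High/Critical; Medium findings are reported, not blocking -->`.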
@@ -95,6 +133,18 @@
<artifactId>postgresql</artifactId>
<version>42.2.18</version>
</dependency>
+ <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-collections4 -->
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-collections4</artifactId>
+ <version>4.4</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ <version>3.12.0</version>
+ </dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
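Review bot: commons-collections4 4.4 is declared here, but none of the source hunks in this commit switches an import to `org.apache.commons.collections4` (the Java changes only move `org.apache.commons.lang` to `lang3`), so it may be an unused dependency; if nothing references it, remove it rather than widen the classpath. Presumably the intent is to replace the legacy `commons-collections:commons-collections` 3.x artifact — the one dependency-check will flag for the well-known deserialization gadget chain (tracked as CVE-2015-6420, above the CVSS-7 gate) — so if that artifact is still declared elsewhere in this pom it has to be removed in the same change, which this diff does not show. A comment such as `<!-- replaces commons-collections 3.x; used by: ... -->` above the dependency would make the intent reviewable.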
@@ -105,6 +155,7 @@
<groupId>org.easymock</groupId>
<artifactId>easymock</artifactId>
<version>${easymock.version}</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
@@ -122,16 +173,17 @@
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${jacoco-maven-plugin.version}</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
- <version>2.5.4</version>
+ <version>2.12.3</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
- <artifactId>hibernate-annotations</artifactId>
- <version>${hibernate-annotations.version}</version>
+ <artifactId>hibernate-core</artifactId>
+ <version>${hibernate-core.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
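Review bot: jackson-annotations is raised to 2.12.3 in isolation, but Jackson's core artifacts must share a minor version and the deserialization CVEs live in jackson-databind, not in the annotations jar; if jackson-core/jackson-databind are declared elsewhere in this pom (not visible in this hunk) they need the same bump, best done by importing `com.fasterxml.jackson:jackson-bom:2.12.3` in `dependencyManagement` so the three cannot drift apart. Likewise `${hibernate-core.version}` now points at 5.4.30 while the artifact it replaces was the 3.5.x annotations module, so any other Hibernate artifact still pinned to 3.5.x elsewhere would coexist with it — confirm none remains. Separately, `jacoco-maven-plugin` is a build plugin and does not belong in `<dependencies>`; the added `<scope>test</scope>` keeps it out of the WAR, but it should be moved to `<build><plugins>` where it can actually be configured.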
@@ -141,7 +193,7 @@
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
- <version>3.2.0</version>
+ <version>3.15.0</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
@@ -160,11 +212,6 @@
</exclusion>
</exclusions>-->
</dependency>
-<!-- <dependency>-->
-<!-- <groupId>javax.mail</groupId>-->
-<!-- <artifactId>mail</artifactId>-->
-<!-- <version>${javax.mail.version}</version>-->
-<!-- </dependency>-->
<!-- https://mvnrepository.com/artifact/com.sun.mail/jakarta.mail -->
<dependency>
<groupId>com.sun.mail</groupId>
@@ -203,8 +250,9 @@
</configuration>
</plugin>
<plugin>
+ <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
- <version>2.1</version>
+ <version>3.3.1</version>
<configuration>
<archive>
<manifest>
@@ -220,7 +268,7 @@
<version>2.7</version>
</plugin>
<plugin>
- <groupId>org.codehaus.mojo</groupId>
+ <groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>${sonar-maven-plugin.version}</version>
</plugin>
diff --git a/securitycheck/suppressed.xml b/securitycheck/suppressed.xml
new file mode 100644
index 0000000..0b7abcb
--- /dev/null
+++ b/securitycheck/suppressed.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+ <suppress>
+ <notes><![CDATA[
+ file name: log4j-1.2.16.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/log4j/log4j@.*$</packageUrl>
+ <vulnerabilityName>CVE-2019-17571</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: log4j-1.2.16.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/log4j/log4j@.*$</packageUrl>
+ <vulnerabilityName>CVE-2020-9488</vulnerabilityName>
+ </suppress>
+</suppressions>
\ No newline at end of file
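Review bot: Both suppressions silence findings on log4j 1.2.16 without stating why they are not exploitable: the `notes` only repeat the file name, the `packageUrl` regex `@.*$` matches every log4j 1.x version the project might ever pull in, and there is no `until` date, so the entries never come up for review again. CVE-2019-17571 is the SocketServer deserialization RCE rated 9.8 — the one finding that would trip the CVSS-7 gate configured in this same commit — so suppressing it to make the build pass defeats the gate unless the note records that `org.apache.log4j.net.SocketServer` is never started by this application; the same applies to CVE-2020-9488 and `SMTPAppender`, though at CVSS 3.7 that one would not fail the build anyway. Make each entry justify itself and expire: `<suppress until="2021-12-31">`, `<packageUrl regex="true">^pkg:maven/log4j/log4j@1\.2\.16$</packageUrl>`, and the CVE-specific `<cve>CVE-2019-17571</cve>` instead of `vulnerabilityName`, with the notes naming the unused log4j component. The code still imports `org.apache.log4j.Logger` (see the Java hunks below), so the end-of-life log4j 1.x line remains on the classpath; the suppression file should carry a tracking reference for migrating to a maintained logging backend rather than standing in for that work.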
diff --git a/src/main/java/org/eclipse/openk/elogbook/controller/BackendControllerResponsibility.java b/src/main/java/org/eclipse/openk/elogbook/controller/BackendControllerResponsibility.java
index 1e7d0f7..8e48cd5 100644
--- a/src/main/java/org/eclipse/openk/elogbook/controller/BackendControllerResponsibility.java
+++ b/src/main/java/org/eclipse/openk/elogbook/controller/BackendControllerResponsibility.java
@@ -18,7 +18,7 @@
import java.util.Date;
import java.util.List;
import javax.persistence.EntityManager;
-import org.apache.commons.lang.SerializationUtils;
+import org.apache.commons.lang3.SerializationUtils;
import org.apache.log4j.Logger;
import org.eclipse.openk.elogbook.common.JsonGeneratorBase;
import org.eclipse.openk.elogbook.common.mapper.HResponsibilityMapper;
diff --git a/src/main/java/org/eclipse/openk/elogbook/controller/EmailService.java b/src/main/java/org/eclipse/openk/elogbook/controller/EmailService.java
index 33309dc..d46b853 100644
--- a/src/main/java/org/eclipse/openk/elogbook/controller/EmailService.java
+++ b/src/main/java/org/eclipse/openk/elogbook/controller/EmailService.java
@@ -13,8 +13,8 @@
import jakarta.mail.MessagingException;
-import org.apache.commons.lang.time.DateFormatUtils;
-import org.apache.commons.lang.time.DateUtils;
+import org.apache.commons.lang3.time.DateFormatUtils;
+import org.apache.commons.lang3.time.DateUtils;
import org.apache.log4j.Logger;
import org.eclipse.openk.elogbook.common.BackendConfig;
import org.eclipse.openk.elogbook.common.Globals;