diff --git a/.ci/dependency-checker/suppressedLibraries.xml b/.ci/dependency-checker/suppressedLibraries.xml
index 1150abff87..529b911945 100644
--- a/.ci/dependency-checker/suppressedLibraries.xml
+++ b/.ci/dependency-checker/suppressedLibraries.xml
@@ -10,5 +10,22 @@ cpe:/a:apache:struts:2.0.0 --> - + + + + ^io\.atomix\.catalyst:catalyst-netty:.*$ + CVE-2014-3488 + + + + + ^commons-cli:commons-cli:.*$ + CVE-2016-6497 + + + + + ^commons-cli:commons-cli:.*$ + CVE-2015-3253 +
diff --git a/build.gradle b/build.gradle
index 0541f3fadf..6b0f7e5764 100644
--- a/build.gradle
+++ b/build.gradle
@@ -22,19 +22,19 @@ buildscript {
 ext.asm_version = '0.5.3'
 ext.artemis_version = '2.1.0'
- ext.jackson_version = '2.8.5'
- ext.jetty_version = '9.3.9.v20160517'
+ ext.jackson_version = '2.9.2'
+ ext.jetty_version = '9.4.7.v20170914'
 ext.jersey_version = '2.25'
 ext.jolokia_version = '2.0.0-M3'
- ext.assertj_version = '3.6.1'
+ ext.assertj_version = '3.8.0'
 ext.slf4j_version = '1.7.25'
- ext.log4j_version = '2.7'
+ ext.log4j_version = '2.9.1'
 ext.bouncycastle_version = constants.getProperty("bouncycastleVersion")
 ext.guava_version = constants.getProperty("guavaVersion")
 ext.okhttp_version = '3.5.0'
 ext.netty_version = '4.1.9.Final'
 ext.typesafe_config_version = constants.getProperty("typesafeConfigVersion")
- ext.fileupload_version = '1.3.2'
+ ext.fileupload_version = '1.3.3'
 ext.junit_version = '4.12'
 ext.mockito_version = '2.10.0'
 ext.jopt_simple_version = '5.0.2'
@@ -46,6 +46,8 @@ buildscript {
 ext.dokka_version = '0.9.14'
 ext.eddsa_version = '0.2.0'
 ext.dependency_checker_version = '3.0.1'
+ ext.commons_collections_version = '4.1'
+ ext.beanutils_version = '1.9.3'
 // Update 121 is required for ObjectInputFilter and at time of writing 131 was latest:
 ext.java8_minUpdateVersion = '131'
diff --git a/client/jfx/build.gradle b/client/jfx/build.gradle
index aaf1d5fd14..0e84e78f37 100644
--- a/client/jfx/build.gradle
+++ b/client/jfx/build.gradle
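Review bot: The three suppressions added to suppressedLibraries.xml match every version of the artifact (`^io\.atomix\.catalyst:catalyst-netty:.*$`, `^commons-cli:commons-cli:.*$`), so CVE-2014-3488, CVE-2016-6497 and CVE-2015-3253 stay silenced for any future release of those libraries, including one that is actually affected. The pattern should be pinned to the version that was assessed, so the finding resurfaces when the dependency changes. The XML markup is lost in this rendering, so it cannot be confirmed that each entry records its justification; if it does not, add one along the lines of `<notes>False positive: CPE matched the wrong product; assessed against VERSION_PLACEHOLDER.</notes>`.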
@@ -37,6 +37,9 @@ dependencies {
 compile 'org.fxmisc.easybind:easybind:1.0.3'
 // Artemis Client: ability to connect to an Artemis broker and control it.
+ // TODO: remove the forced update of commons-collections and beanutils when artemis updates them
+ compile "org.apache.commons:commons-collections4:${commons_collections_version}"
+ compile "commons-beanutils:commons-beanutils:${beanutils_version}"
 compile "org.apache.activemq:artemis-core-client:${artemis_version}"
 // Unit testing helpers.
diff --git a/node-api/build.gradle b/node-api/build.gradle
index a9384bd4ab..76abc37bea 100644
--- a/node-api/build.gradle
+++ b/node-api/build.gradle
@@ -11,6 +11,10 @@ dependencies {
 compile "org.jetbrains.kotlin:kotlin-stdlib-jre8:$kotlin_version"
 compile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
 testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"
+
+ // TODO: remove the forced update of commons-collections and beanutils when artemis updates them
+ compile "org.apache.commons:commons-collections4:${commons_collections_version}"
+ compile "commons-beanutils:commons-beanutils:${beanutils_version}"
 compile "org.apache.activemq:artemis-core-client:${artemis_version}"
 compile "org.apache.activemq:artemis-commons:${artemis_version}"
diff --git a/node/build.gradle b/node/build.gradle
index 7d3313d454..9bc48d5ca8 100644
--- a/node/build.gradle
+++ b/node/build.gradle
@@ -95,6 +95,9 @@ dependencies {
 compile "net.sf.jopt-simple:jopt-simple:$jopt_simple_version"
 // Artemis: for reliable p2p message queues.
+ // TODO: remove the forced update of commons-collections and beanutils when artemis updates them
+ compile "org.apache.commons:commons-collections4:${commons_collections_version}"
+ compile "commons-beanutils:commons-beanutils:${beanutils_version}"
 compile "org.apache.activemq:artemis-server:${artemis_version}"
 compile "org.apache.activemq:artemis-core-client:${artemis_version}"
 runtime ("org.apache.activemq:artemis-amqp-protocol:${artemis_version}") {
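Review bot: The coordinate added under the TODO in client/jfx/build.gradle is `org.apache.commons:commons-collections4`, which is a different artifact from the 3.x line published as `commons-collections:commons-collections`. If Artemis or one of its dependencies pulls in the 3.x artifact, this line puts a second library on the classpath rather than upgrading the flagged one. Which artifact is resolved is not visible in the hunk, so confirm it against the Gradle `dependencies` report before treating the finding as fixed. The same three lines are repeated in node-api/build.gradle, node/build.gradle and verifier/build.gradle. A single override in the root build, such as `configurations.all { resolutionStrategy.force "commons-beanutils:commons-beanutils:${beanutils_version}" }`, would keep the pin in one place and out of each module's declared dependencies. The dependencies block continues outside each hunk.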
diff --git a/verifier/build.gradle b/verifier/build.gradle
index 33e4869dfd..ad0f9ff686 100644
--- a/verifier/build.gradle
+++ b/verifier/build.gradle
@@ -33,6 +33,10 @@ dependencies {
 compile "org.jetbrains.kotlin:kotlin-stdlib-jre8:$kotlin_version"
 compile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
 testCompile "org.jetbrains.kotlin:kotlin-test:$kotlin_version"
+
+ // TODO: remove the forced update of commons-collections and beanutils when artemis updates them
+ compile "org.apache.commons:commons-collections4:${commons_collections_version}"
+ compile "commons-beanutils:commons-beanutils:${beanutils_version}"
 compile "org.apache.activemq:artemis-core-client:${artemis_version}"
 // Log4J: logging framework (with SLF4J bindings)
diff --git a/webserver/build.gradle b/webserver/build.gradle
index 15fa109983..166a8fe3aa 100644
--- a/webserver/build.gradle
+++ b/webserver/build.gradle
@@ -49,6 +49,9 @@ dependencies { compile "net.sf.jopt-simple:jopt-simple:$jopt_simple_version" // Jersey for JAX-RS implementation for use in Jetty + // TODO: remove force upgrade when jersey catches up + compile "org.eclipse.jetty:jetty-continuation:${jetty_version}" + compile "org.glassfish.jersey.core:jersey-server:$jersey_version" compile "org.glassfish.jersey.containers:jersey-container-servlet-core:$jersey_version" compile "org.glassfish.jersey.containers:jersey-container-jetty-http:$jersey_version"
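Review bot: Only `jetty-continuation` is forced to `${jetty_version}` in webserver/build.gradle. `jersey-container-jetty-http` normally brings in other Jetty modules as well, so unless those are pinned elsewhere in this file the classpath can end up mixing Jetty 9.3 and 9.4 jars after the version bump. The rest of the dependencies block is outside the hunk, so check this against the resolved dependency tree. The new TODO also sits between the `// Jersey for JAX-RS implementation for use in Jetty` comment and the Jersey lines it describes. Moving the forced dependency above that comment, worded as `// TODO: remove forced jetty-continuation version when Jersey's Jetty dependency catches up`, keeps each comment next to its subject.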