From 0ab4ac94c880aa98033cf618e82be7a8c54dcc6c Mon Sep 17 00:00:00 2001 From: Chris Cochrane <78791827+chriscochrane@users.noreply.github.com> Date: Fri, 30 Sep 2022 17:49:21 +0100 Subject: [PATCH] ENT-6903 - address security issues reported by Snyk (#7244) ENT-6903: Update versions of BC, Shiro, Netty okhttp Also updated platform version to 12. --- build.gradle | 1 - constants.properties | 12 ++++++------ .../kotlin/net/corda/core/internal/CordaUtils.kt | 2 +- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/build.gradle b/build.gradle index 262c0320b7..1461a6d005 100644 --- a/build.gradle +++ b/build.gradle @@ -106,7 +106,6 @@ buildscript { ext.hikari_version = constants.getProperty("hikariVersion") ext.liquibase_version = constants.getProperty("liquibaseVersion") ext.artifactory_contextUrl = 'https://software.r3.com/artifactory' - ext.snake_yaml_version = constants.getProperty('snakeYamlVersion') ext.docker_compose_rule_version = constants.getProperty("dockerComposeRuleVersion") ext.selenium_version = constants.getProperty("seleniumVersion") ext.ghostdriver_version = constants.getProperty("ghostdriverVersion") diff --git a/constants.properties b/constants.properties index 3f63879556..7abfbb8df0 100644 --- a/constants.properties +++ b/constants.properties @@ -12,7 +12,7 @@ java8MinUpdateVersion=171 # When incrementing platformVersion make sure to update # # net.corda.core.internal.CordaUtilsKt.PLATFORM_VERSION as well. # # ***************************************************************# -platformVersion=11 +platformVersion=12 guavaVersion=28.0-jre # Quasar version to use with Java 8: quasarVersion=0.7.15_r3 @@ -21,13 +21,13 @@ quasarVersion11=0.8.1_r3 jdkClassifier11=jdk11 dockerJavaVersion=3.2.5 proguardVersion=6.1.1 -bouncycastleVersion=1.68 +// bouncy castle version must not be changed on a patch release. Needs a full release test cycle to flush out any issues. +bouncycastleVersion=1.69 classgraphVersion=4.8.135 disruptorVersion=3.4.2 typesafeConfigVersion=1.3.4 jsr305Version=3.0.2 artifactoryPluginVersion=4.16.1 -snakeYamlVersion=1.19 caffeineVersion=2.9.3 metricsVersion=4.1.0 metricsNewRelicVersion=1.1.1 @@ -56,8 +56,8 @@ servletVersion=4.0.1 assertjVersion=3.12.2 slf4JVersion=1.7.30 log4JVersion=2.17.1 -okhttpVersion=3.14.2 -nettyVersion=4.1.77.Final +okhttpVersion=3.14.9 +nettyVersion=4.1.82.Final fileuploadVersion=1.4 kryoVersion=4.0.2 kryoSerializerVersion=0.43 @@ -83,7 +83,7 @@ eddsaVersion=0.3.0 dependencyCheckerVersion=5.2.0 commonsCollectionsVersion=4.3 beanutilsVersion=1.9.4 -shiroVersion=1.8.0 +shiroVersion=1.9.1 hikariVersion=3.3.1 liquibaseVersion=3.6.3 dockerComposeRuleVersion=1.5.0 diff --git a/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt b/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt index 3e09be0ff4..72608450cb 100644 --- a/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt +++ b/core/src/main/kotlin/net/corda/core/internal/CordaUtils.kt @@ -30,7 +30,7 @@ import java.util.jar.JarInputStream // When incrementing platformVersion make sure to update PLATFORM_VERSION in constants.properties as well. -const val PLATFORM_VERSION = 11 +const val PLATFORM_VERSION = 12 fun ServicesForResolution.ensureMinimumPlatformVersion(requiredMinPlatformVersion: Int, feature: String) { checkMinimumPlatformVersion(networkParameters.minimumPlatformVersion, requiredMinPlatformVersion, feature)