From 7cde5523dca15e426caaf82f204fffe97dc78641 Mon Sep 17 00:00:00 2001 From: chriscochrane Date: Tue, 9 Jul 2024 16:13:53 +0100 Subject: [PATCH 1/8] Dependency updates for security issues --- build.gradle | 2 +- constants.properties | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 96ce544967..f381db87f0 100644 --- a/build.gradle +++ b/build.gradle @@ -121,7 +121,7 @@ buildscript { ext.proguard_version = constants.getProperty('proguardVersion') ext.jsch_version = '0.1.55' ext.protonj_version = '0.33.0' // Overide Artemis version - ext.snappy_version = '0.4' + ext.snappy_version = '0.5' ext.class_graph_version = constants.getProperty('classgraphVersion') ext.jcabi_manifests_version = '1.1' ext.picocli_version = '3.9.6' diff --git a/constants.properties b/constants.properties index a30f2432ac..740fc075ee 100644 --- a/constants.properties +++ b/constants.properties @@ -20,7 +20,7 @@ quasarVersion11=0.8.1_r3 jdkClassifier11=jdk11 dockerJavaVersion=3.2.5 proguardVersion=6.1.1 -bouncycastleVersion=1.68 +bouncycastleVersion=1.70 classgraphVersion=4.8.135 disruptorVersion=3.4.2 typesafeConfigVersion=1.3.4 From 04010b74a1fc86f9db7d0068f54542a1546737a9 Mon Sep 17 00:00:00 2001 From: chriscochrane Date: Tue, 9 Jul 2024 16:17:35 +0100 Subject: [PATCH 2/8] Reverted Bouncy Castle version --- constants.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/constants.properties b/constants.properties index 740fc075ee..a30f2432ac 100644 --- a/constants.properties +++ b/constants.properties @@ -20,7 +20,7 @@ quasarVersion11=0.8.1_r3 jdkClassifier11=jdk11 dockerJavaVersion=3.2.5 proguardVersion=6.1.1 -bouncycastleVersion=1.70 +bouncycastleVersion=1.68 classgraphVersion=4.8.135 disruptorVersion=3.4.2 typesafeConfigVersion=1.3.4 From c7c89f33c7c9bde947f6cb907da78db823585f28 Mon Sep 17 00:00:00 2001 From: chriscochrane Date: Thu, 11 Jul 2024 09:42:29 +0100 Subject: [PATCH 3/8] Dependency updates for security issues. --- constants.properties | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/constants.properties b/constants.properties index dfe997f88b..9389075c4e 100644 --- a/constants.properties +++ b/constants.properties @@ -41,7 +41,7 @@ openSourceSamplesBranch=https://github.com/corda/samples/blob/release-V4 jolokiaAgentVersion=1.6.1 detektVersion=1.0.1 tcnativeVersion=2.0.48.Final -commonsConfiguration2Version=2.8.0 +commonsConfiguration2Version=2.11.0 commonsTextVersion=1.10.0 # ENT-6607 all third party version in here now @@ -61,7 +61,7 @@ assertjVersion=3.12.2 slf4JVersion=1.7.30 log4JVersion=2.17.1 okhttpVersion=3.14.9 -nettyVersion=4.1.77.Final +nettyVersion=4.1.111.Final fileuploadVersion=1.4 kryoVersion=4.0.2 kryoSerializerVersion=0.43 @@ -96,7 +96,7 @@ ghostdriverVersion=2.1.0 jschVersion=0.1.55 # Override Artemis version protonjVersion=0.33.0 -snappyVersion=0.4 +snappyVersion=0.5 jcabiManifestsVersion=1.1 picocliVersion=3.9.6 commonsLangVersion=3.9 From a86853adbf46371de99a290ab97ba03f5d362376 Mon Sep 17 00:00:00 2001 From: chriscochrane Date: Fri, 12 Jul 2024 13:57:51 +0100 Subject: [PATCH 4/8] Dependency updates for security issues --- constants.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/constants.properties b/constants.properties index 7db38579d3..db3a76ac42 100644 --- a/constants.properties +++ b/constants.properties @@ -59,7 +59,7 @@ assertjVersion=3.12.2 slf4JVersion=1.7.30 log4JVersion=2.17.1 okhttpVersion=3.14.9 -nettyVersion=4.1.77.Final +nettyVersion=4.1.111.Final fileuploadVersion=1.4 kryoVersion=4.0.2 kryoSerializerVersion=0.43 @@ -94,7 +94,7 @@ ghostdriverVersion=2.1.0 jschVersion=0.1.55 # Override Artemis version protonjVersion=0.33.0 -snappyVersion=0.4 +snappyVersion=0.5 jcabiManifestsVersion=1.1 picocliVersion=3.9.6 commonsLangVersion=3.9 From 743b1d7fc89e8ecec2ab6ecba82ee8a023b2e8c1 Mon Sep 17 00:00:00 2001 From: chriscochrane Date: Mon, 15 Jul 2024 10:57:34 +0100 Subject: [PATCH 5/8] Upgrade Bouncy Castle --- constants.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/constants.properties b/constants.properties index db3a76ac42..c3019cdd44 100644 --- a/constants.properties +++ b/constants.properties @@ -24,7 +24,7 @@ jdkClassifier11=jdk11 dockerJavaVersion=3.2.5 proguardVersion=6.1.1 // bouncy castle version must not be changed on a patch release. Needs a full release test cycle to flush out any issues. -bouncycastleVersion=1.75 +bouncycastleVersion=1.78.1 classgraphVersion=4.8.135 disruptorVersion=3.4.2 typesafeConfigVersion=1.3.4 From 4534b3b024499b443e283c4b6c39c2d0d9893ce0 Mon Sep 17 00:00:00 2001 From: chriscochrane Date: Tue, 16 Jul 2024 10:22:08 +0100 Subject: [PATCH 6/8] Restored old netty version --- constants.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/constants.properties b/constants.properties index 9389075c4e..f1a4bae9b5 100644 --- a/constants.properties +++ b/constants.properties @@ -61,7 +61,7 @@ assertjVersion=3.12.2 slf4JVersion=1.7.30 log4JVersion=2.17.1 okhttpVersion=3.14.9 -nettyVersion=4.1.111.Final +nettyVersion=4.1.77.Final fileuploadVersion=1.4 kryoVersion=4.0.2 kryoSerializerVersion=0.43 From 060bdab88f3e6c85fc541763689dde143fb7ed86 Mon Sep 17 00:00:00 2001 From: chriscochrane Date: Tue, 16 Jul 2024 10:53:44 +0100 Subject: [PATCH 7/8] Restored previous version of netty --- constants.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/constants.properties b/constants.properties index c3019cdd44..bc542095ab 100644 --- a/constants.properties +++ b/constants.properties @@ -59,7 +59,7 @@ assertjVersion=3.12.2 slf4JVersion=1.7.30 log4JVersion=2.17.1 okhttpVersion=3.14.9 -nettyVersion=4.1.111.Final +nettyVersion=4.1.77.Final fileuploadVersion=1.4 kryoVersion=4.0.2 kryoSerializerVersion=0.43 From 9ba25720d8813252783a644c234e62a088492e45 Mon Sep 17 00:00:00 2001 From: chriscochrane Date: Tue, 30 Jul 2024 16:09:59 +0100 Subject: [PATCH 8/8] Upgraded jackson --- constants.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/constants.properties b/constants.properties index f1a4bae9b5..c5e8a6d395 100644 --- a/constants.properties +++ b/constants.properties @@ -52,7 +52,7 @@ capsuleVersion=1.0.3 asmVersion=7.1 artemisVersion=2.19.1 # TODO Upgrade Jackson only when corda is using kotlin 1.3.10 -jacksonVersion=2.13.5 +jacksonVersion=2.17.2 jacksonKotlinVersion=2.9.7 jettyVersion=9.4.53.v20231009 jerseyVersion=2.25