* Make caplet respect all acceptable combinations of cmd line parameters
* If cordapp dir fails to create, still run corda.jar and let it fail gracefully
* Don't parse additional options as the parameter for the previous one.
* Remove commented lines
* First pass
* Update test.
* Address review comments.
* Added docs and kdocs.
* Clean-up.
* Add extra test.
* Changes to docsite.
* Added try/catch block as recommended by Andras.
* Removed try catch block. It's not required as the checkpoint serialiser deals with this.
* Re-used existing DB session instead of creating a new session.
* Entity manager auto flushes.
* Added java friendly api.
* Addressed review comments.
* CORDA-2190: Improve notary service flow exception handling
- Refactored notary flows to reduce validation code duplication
- Improved notarisation error handling to provide more helpful responses to the client
* Minimum platform version checking for new signature constraints feature.
* Fix broken JUnit
* NP safety checking on network parameters.
* Warning and auto-downgrade of signed states that do not meet the minimum network platform version.
* Replace error code generation technique with custom event re-writer.
Switch to RandomAccessFile appenders because they supposedly give higher throughput.
* Review feedback
* print node-gen log when nodeInfo generation fails during bootstrapping
* add logic to print out the legal name of the node which failed to generate nodeInfo
OWASP Dependency Checker has been updated so that it can be configured to automatically fail a build when a vulnerable dependency is detected. This option is exposed through gradle settings, so that a build can be configured in TeamCity to pass/fail. This change is backward-compatible - i.e. it does not affect a build by default unless configured to do so.
Ability to fail a build is exposed by the new owasp.failBuildOnCVSS gradle property
By default this is set to '11.0' which will always pass a build even if a vulnerability is found (so will not affect anything by default)
Reduce the CVSS level between 0-10 to indicate what level to fail a build on
Example usage to catch Medium severity (and above) issues:
Configure gradle with the option -Powasp.failBuildOnCVSS=4
Temporally treating META-INF/INDEX.LIST as unsignable entry because java.util.jar.JarVerifier doesn't load its signers. https://r3-cev.atlassian.net/browse/CORDA-2177 for further investigation.
* Switch to directory per test and suppress deletion exception on windows
to deal with the fact that NTFS keeps files locked to the running process
once opened.
* Closing files when we're done makes all the file locking issues go away.
