Update vulnerable version of cron-utils (#1942)
* Update lock files * Replace usage of org.apache.commons.lang3 with Guava * Update vulnerable version of cron-utils Update cron-utils from version 9.1.3 to 9.1.6. Version 9.1.6 fixes an arbitrary code execution vulnerability (CVE-2021-41269). SCM-Manager is not affected by this issue, because it is related to the EL parsing of an annotation which we don't use.
@@ -118,7 +118,7 @@ ext {
|
||||
metainfServices: 'org.kohsuke.metainf-services:metainf-services:1.8',
|
||||
|
||||
// cron expression
|
||||
cronUtils: 'com.cronutils:cron-utils:9.1.3',
|
||||
cronUtils: 'com.cronutils:cron-utils:9.1.+',
|
||||
|
||||
// templates
|
||||
mustache: 'com.github.spullara.mustache.java:compiler:0.9.7',
|
||||
|
||||
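Review bot: The new coordinate `cronUtils: 'com.cronutils:cron-utils:9.1.+'` is a dynamic version, so the move to the release that fixes CVE-2021-41269 is enforced only by the lock files (which record 9.1.6), not by the declaration itself. Any resolution that runs without that lock state would presumably take whichever 9.1.x its repository offers, and every lock refresh can pull in a newly published 9.1.x artifact without review. Consider pinning the fixed release, `cronUtils: 'com.cronutils:cron-utils:9.1.6',`, with a comment such as `// 9.1.6 or later required: CVE-2021-41269`. The `ext` block starts and ends outside the hunk.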
@@ -10,7 +10,7 @@ com.cloudogu.legman.support:micrometer:2.0.0=testRuntimeClasspath,testRuntimeCla
|
||||
com.cloudogu.legman.support:shiro:2.0.0=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.cloudogu.legman:core:2.0.0=testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.cloudogu.spotter:spotter-core:4.0.0=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.cronutils:cron-utils:9.1.3=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.cronutils:cron-utils:9.1.6=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.damnhandy:handy-uri-templates:2.1.7=testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.fasterxml.jackson.core:jackson-annotations:2.11.3=testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.fasterxml.jackson.core:jackson-core:2.11.3=testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
@@ -113,8 +113,7 @@ net.java.dev.jna:jna:5.6.0=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
net.java.dev.jna:platform:3.4.0=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.antlr:antlr-runtime:3.4=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.apache.commons:commons-compress:1.20=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.apache.commons:commons-lang3:3.11=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.apache.commons:commons-lang3:3.4=testCompileClasspath,testCompileClasspathCopy
|
||||
org.apache.commons:commons-lang3:3.4=testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.apache.httpcomponents:httpclient:4.5.13=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.apache.httpcomponents:httpclient:4.5.3=testCompileClasspath,testCompileClasspathCopy
|
||||
org.apache.httpcomponents:httpcore:4.4.14=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
@@ -164,6 +163,7 @@ org.hamcrest:hamcrest:2.1=testCompileClasspath,testCompileClasspathCopy,testRunt
|
||||
org.hdrhistogram:HdrHistogram:2.1.12=testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.hibernate.validator:hibernate-validator:6.1.6.Final=testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.javahg:javahg:1.0.0=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.javassist:javassist:3.27.0-GA=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.jboss.logging:jboss-logging:3.4.1.Final=testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.jboss.resteasy:resteasy-client-api:4.6.0.Final=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.jboss.resteasy:resteasy-client:4.6.0.Final=testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
|
||||
@@ -162,5 +162,5 @@ sonia.jgit:org.eclipse.jgit.junit:5.11.1.202105131744-r-scm1=testCompileClasspat
|
||||
sonia.jgit:org.eclipse.jgit.lfs.server:5.11.1.202105131744-r-scm1=compileClasspath,default,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
|
||||
sonia.jgit:org.eclipse.jgit.lfs:5.11.1.202105131744-r-scm1=compileClasspath,default,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
|
||||
sonia.jgit:org.eclipse.jgit:5.11.1.202105131744-r-scm1=compileClasspath,default,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
|
||||
sonia.scm:scm-webapp:2.29.2-SNAPSHOT=scmServer
|
||||
sonia.scm:scm-webapp:2.30.2-SNAPSHOT=scmServer
|
||||
empty=archives,optionalPlugin,plugin
|
||||
|
||||
@@ -140,5 +140,5 @@ org.slf4j:jcl-over-slf4j:1.7.30=compileClasspath,default,runtimeClasspath,runtim
|
||||
org.slf4j:slf4j-api:1.7.25=swaggerDeps
|
||||
org.slf4j:slf4j-api:1.7.30=annotationProcessor,compileClasspath,default,runtimeClasspath,runtimePluginElements,scmCoreDependency,testCompileClasspath,testRuntimeClasspath
|
||||
org.yaml:snakeyaml:1.26=swaggerDeps
|
||||
sonia.scm:scm-webapp:2.29.2-SNAPSHOT=scmServer
|
||||
sonia.scm:scm-webapp:2.30.2-SNAPSHOT=scmServer
|
||||
empty=archives,optionalPlugin,plugin
|
||||
|
||||
@@ -137,5 +137,5 @@ org.slf4j:jcl-over-slf4j:1.7.30=compileClasspath,default,runtimeClasspath,runtim
|
||||
org.slf4j:slf4j-api:1.7.25=swaggerDeps
|
||||
org.slf4j:slf4j-api:1.7.30=annotationProcessor,compileClasspath,default,runtimeClasspath,runtimePluginElements,scmCoreDependency,testCompileClasspath,testRuntimeClasspath
|
||||
org.yaml:snakeyaml:1.26=swaggerDeps
|
||||
sonia.scm:scm-webapp:2.29.2-SNAPSHOT=scmServer
|
||||
sonia.scm:scm-webapp:2.30.2-SNAPSHOT=scmServer
|
||||
empty=archives,optionalPlugin,plugin
|
||||
|
||||
@@ -137,5 +137,5 @@ org.slf4j:jcl-over-slf4j:1.7.30=compileClasspath,default,runtimeClasspath,runtim
|
||||
org.slf4j:slf4j-api:1.7.25=swaggerDeps
|
||||
org.slf4j:slf4j-api:1.7.30=annotationProcessor,compileClasspath,default,runtimeClasspath,runtimePluginElements,scmCoreDependency,testCompileClasspath,testRuntimeClasspath
|
||||
org.yaml:snakeyaml:1.26=swaggerDeps
|
||||
sonia.scm:scm-webapp:2.29.2-SNAPSHOT=scmServer
|
||||
sonia.scm:scm-webapp:2.30.2-SNAPSHOT=scmServer
|
||||
empty=archives,optionalPlugin,plugin
|
||||
|
||||
@@ -153,7 +153,7 @@ org.slf4j:slf4j-api:1.7.25=swaggerDeps
|
||||
org.slf4j:slf4j-api:1.7.30=annotationProcessor,compileClasspath,default,runtimeClasspath,runtimePluginElements,scmCoreDependency,testCompileClasspath,testRuntimeClasspath
|
||||
org.tmatesoft.sqljet:sqljet:1.1.14=compileClasspath,default,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
|
||||
org.yaml:snakeyaml:1.26=swaggerDeps
|
||||
sonia.scm:scm-webapp:2.29.2-SNAPSHOT=scmServer
|
||||
sonia.scm:scm-webapp:2.30.2-SNAPSHOT=scmServer
|
||||
sonia.svnkit:svnkit-dav:1.10.3-scm1=compileClasspath,default,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
|
||||
sonia.svnkit:svnkit:1.10.3-scm1=compileClasspath,default,runtimeClasspath,testCompileClasspath,testRuntimeClasspath
|
||||
empty=archives,optionalPlugin,plugin
|
||||
|
||||
@@ -8,7 +8,7 @@ com.cloudogu.legman.support:micrometer:2.0.0=compileClasspath,compileClasspathCo
|
||||
com.cloudogu.legman.support:shiro:2.0.0=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.cloudogu.legman:core:2.0.0=annotationProcessor,annotationProcessorCopy,compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.cloudogu.spotter:spotter-core:4.0.0=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.cronutils:cron-utils:9.1.3=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.cronutils:cron-utils:9.1.6=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.damnhandy:handy-uri-templates:2.1.7=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
com.fasterxml.jackson.core:jackson-annotations:2.11.1=swaggerDeps,swaggerDepsCopy
|
||||
com.fasterxml.jackson.core:jackson-annotations:2.11.4=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
@@ -96,8 +96,7 @@ net.bytebuddy:byte-buddy-agent:1.10.18=testCompileClasspath,testCompileClasspath
|
||||
net.bytebuddy:byte-buddy:1.10.18=testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
net.java.dev.jna:jna:5.6.0=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.apache.commons:commons-compress:1.20=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.apache.commons:commons-lang3:3.11=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.apache.commons:commons-lang3:3.7=swaggerDeps,swaggerDepsCopy
|
||||
org.apache.commons:commons-lang3:3.7=compileClasspath,compileClasspathCopy,swaggerDeps,swaggerDepsCopy
|
||||
org.apache.httpcomponents:httpclient:4.5.13=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.apache.httpcomponents:httpcore:4.4.13=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.apache.james:apache-mime4j-core:0.8.3=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
@@ -138,7 +137,8 @@ org.hamcrest:hamcrest-library:2.1=testCompileClasspath,testCompileClasspathCopy,
|
||||
org.hamcrest:hamcrest:2.1=testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.hdrhistogram:HdrHistogram:2.1.12=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.hibernate.validator:hibernate-validator:6.1.6.Final=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.javassist:javassist:3.22.0-GA=compileClasspath,compileClasspathCopy,swaggerDeps,swaggerDepsCopy
|
||||
org.javassist:javassist:3.22.0-GA=swaggerDeps,swaggerDepsCopy
|
||||
org.javassist:javassist:3.27.0-GA=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.jboss.logging:jboss-logging:3.4.1.Final=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.jboss.resteasy:resteasy-client-api:4.6.0.Final=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
org.jboss.resteasy:resteasy-client:4.6.0.Final=compileClasspath,compileClasspathCopy,default,defaultCopy,runtimeClasspath,runtimeClasspathCopy,testCompileClasspath,testCompileClasspathCopy,testRuntimeClasspath,testRuntimeClasspathCopy
|
||||
|
||||
@@ -27,7 +27,7 @@ package sonia.scm.web.i18n;
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.github.legman.EventBus;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import com.google.common.base.CharMatcher;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@@ -323,8 +323,8 @@ class I18nServletTest {
|
||||
private void assertJson(String actual) {
|
||||
assertThat(actual)
|
||||
.isNotEmpty()
|
||||
.contains(StringUtils.deleteWhitespace(GIT_PLUGIN_JSON.substring(1, GIT_PLUGIN_JSON.length() - 1)))
|
||||
.contains(StringUtils.deleteWhitespace(HG_PLUGIN_JSON.substring(1, HG_PLUGIN_JSON.length() - 1)))
|
||||
.contains(StringUtils.deleteWhitespace(SVN_PLUGIN_JSON.substring(1, SVN_PLUGIN_JSON.length() - 1)));
|
||||
.contains(CharMatcher.whitespace().removeFrom(GIT_PLUGIN_JSON.substring(1, GIT_PLUGIN_JSON.length() - 1)))
|
||||
.contains(CharMatcher.whitespace().removeFrom(HG_PLUGIN_JSON.substring(1, HG_PLUGIN_JSON.length() - 1)))
|
||||
.contains(CharMatcher.whitespace().removeFrom(SVN_PLUGIN_JSON.substring(1, SVN_PLUGIN_JSON.length() - 1)));
|
||||
}
|
||||
}
|
||||
|
||||
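Review bot: The three `.contains(...)` arguments in `assertJson` repeat the same strip-outer-braces-then-remove-whitespace expression, which a private helper would state once: `private static String compact(String json) { return CharMatcher.whitespace().removeFrom(json.substring(1, json.length() - 1)); }`. Note that `CharMatcher.whitespace()` follows Guava's Unicode whitespace definition, which is not the `Character.isWhitespace` test that `StringUtils.deleteWhitespace` applied. For the plugin JSON fixtures this presumably makes no difference (the constants are not visible in this hunk), but a short comment on the helper would record that the swap was intentional.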