From b43680f734d219d5ae2a1132f9286c62e6cf2503 Mon Sep 17 00:00:00 2001
From: JohnKeeney <john.keeney@est.tech>
Date: Tue, 1 Nov 2022 18:38:33 +0000
Subject: [PATCH] Update 3PPs

jackson-bom -> 2.13.4.2 (via spring-boot-starter:jar:2.6.11) to address CVE-2020-36518 & CVE-2022-42003 & CVE-2022-42004
log4j -> 2.17.2

Issue-ID: CCSDK-3618
Change-Id: Ic1660b18ebc2f9519bcbd5f767a0f22d2a1dd0db
Signed-off-by: JohnKeeney <john.keeney@est.tech>
---
 dependencies-bom/pom.xml                                            | 6 +++---
 .../spring-boot-setup/src/main/properties/springboot26.properties   | 4 ++--
 .../spring-boot-setup/src/main/resources/pom-template-jdk11.xml     | 4 ++--
 .../spring-boot-setup/src/main/resources/pom-template-jdk8.xml      | 4 ++--
 springboot/springboot1/pom.xml                                      | 4 ++--
 springboot/springboot23/pom.xml                                     | 4 ++--
 springboot/springboot25/pom.xml                                     | 4 ++--
 springboot/springboot26/pom.xml                                     | 6 +++---
 8 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/dependencies-bom/pom.xml b/dependencies-bom/pom.xml
index 5c41c31c..20a7cf68 100644
--- a/dependencies-bom/pom.xml
+++ b/dependencies-bom/pom.xml
@@ -45,7 +45,7 @@
                 <groupId>com.fasterxml.jackson</groupId>
                 <artifactId>jackson-bom</artifactId>
                 <!-- ODL Aluminum has 2.10.5 -->
-                <version>2.12.4</version>
+                <version>2.14.0-rc1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -211,12 +211,12 @@
             <dependency>
                 <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-slf4j-impl</artifactId>
-                <version>2.17.1</version>
+                <version>2.17.2</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-core</artifactId>
-                <version>2.17.1</version>
+                <version>2.17.2</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.tomcat</groupId>
diff --git a/springboot/spring-boot-setup/src/main/properties/springboot26.properties b/springboot/spring-boot-setup/src/main/properties/springboot26.properties
index 968e8a52..216d1071 100644
--- a/springboot/spring-boot-setup/src/main/properties/springboot26.properties
+++ b/springboot/spring-boot-setup/src/main/properties/springboot26.properties
@@ -5,10 +5,10 @@ springboot.project.artifactId=spring-boot-26-starter-parent
 spring.version=5.3.22
 springboot.httpcomponents.core.version=4.4.15
 springboot.httpcomponents.client.version=4.5.13
-springboot.jackson.version=2.13.3
+springboot.jackson.version=2.14.0-rc1
 springboot.logback.version=1.2.11
 springboot.netty.ssl.version=2.0.50.Final
 springboot.jersey.version=2.33
 springboot.slf4j.version=1.7.36
 springboot.springfox.version=3.0.0
-springboot.tomcat.jdbc.version=9.0.58
+springboot.tomcat.jdbc.version=9.0.58
\ No newline at end of file
diff --git a/springboot/spring-boot-setup/src/main/resources/pom-template-jdk11.xml b/springboot/spring-boot-setup/src/main/resources/pom-template-jdk11.xml
index ccf67dde..eafb8f5c 100644
--- a/springboot/spring-boot-setup/src/main/resources/pom-template-jdk11.xml
+++ b/springboot/spring-boot-setup/src/main/resources/pom-template-jdk11.xml
@@ -130,8 +130,8 @@
         <jersey.version>${springboot.jersey.version}</jersey.version>
         <jersey.client.version>${springboot.jersey.version}</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>${springboot.logback.version}</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>
diff --git a/springboot/spring-boot-setup/src/main/resources/pom-template-jdk8.xml b/springboot/spring-boot-setup/src/main/resources/pom-template-jdk8.xml
index 737e0cc3..5f10cb0c 100644
--- a/springboot/spring-boot-setup/src/main/resources/pom-template-jdk8.xml
+++ b/springboot/spring-boot-setup/src/main/resources/pom-template-jdk8.xml
@@ -130,8 +130,8 @@
         <jersey.version>${springboot.jersey.version}</jersey.version>
         <jersey.client.version>${springboot.jersey.version}</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>${springboot.logback.version}</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>
diff --git a/springboot/springboot1/pom.xml b/springboot/springboot1/pom.xml
index e56d8518..69faf754 100644
--- a/springboot/springboot1/pom.xml
+++ b/springboot/springboot1/pom.xml
@@ -130,8 +130,8 @@
         <jersey.version>2.30.1</jersey.version>
         <jersey.client.version>2.30.1</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>1.2.11</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>
diff --git a/springboot/springboot23/pom.xml b/springboot/springboot23/pom.xml
index a15630e7..c6e2c7f0 100644
--- a/springboot/springboot23/pom.xml
+++ b/springboot/springboot23/pom.xml
@@ -130,8 +130,8 @@
         <jersey.version>2.30.1</jersey.version>
         <jersey.client.version>2.30.1</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>1.2.11</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>
diff --git a/springboot/springboot25/pom.xml b/springboot/springboot25/pom.xml
index 9b09fb84..d6ba6816 100644
--- a/springboot/springboot25/pom.xml
+++ b/springboot/springboot25/pom.xml
@@ -130,8 +130,8 @@
         <jersey.version>2.33</jersey.version>
         <jersey.client.version>2.33</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>1.2.11</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>
diff --git a/springboot/springboot26/pom.xml b/springboot/springboot26/pom.xml
index 02f04287..b73a2752 100644
--- a/springboot/springboot26/pom.xml
+++ b/springboot/springboot26/pom.xml
@@ -130,8 +130,8 @@
         <jersey.version>2.33</jersey.version>
         <jersey.client.version>2.33</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>1.2.11</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>
@@ -157,7 +157,7 @@
             <dependency>
                 <groupId>com.fasterxml.jackson</groupId>
                 <artifactId>jackson-bom</artifactId>
-                <version>2.13.3</version>
+                <version>2.14.0-rc1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
-- 
2.16.6