Update 3PPs

jackson-bom -> 2.13.4.2 (via spring-boot-starter:jar:2.6.11) to address CVE-2020-36518 & CVE-2022-42003 & CVE-2022-42004
log4j -> 2.17.2

Issue-ID: CCSDK-3618
Change-Id: Ic1660b18ebc2f9519bcbd5f767a0f22d2a1dd0db
Signed-off-by: JohnKeeney <john.keeney@est.tech>

diff --git a/dependencies-bom/pom.xml b/dependencies-bom/pom.xml
index 5c41c31..20a7cf6 100644 (file)
--- a/dependencies-bom/pom.xml
+++ b/dependencies-bom/pom.xml
@@ -45,7 +45,7 @@
                 <groupId>com.fasterxml.jackson</groupId>
                 <artifactId>jackson-bom</artifactId>
                 <!-- ODL Aluminum has 2.10.5 -->
-                <version>2.12.4</version>
+                <version>2.14.0-rc1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -211,12 +211,12 @@
             <dependency>
                 <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-slf4j-impl</artifactId>
-                <version>2.17.1</version>
+                <version>2.17.2</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.logging.log4j</groupId>
                 <artifactId>log4j-core</artifactId>
-                <version>2.17.1</version>
+                <version>2.17.2</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.tomcat</groupId>

diff --git a/springboot/spring-boot-setup/src/main/properties/springboot26.properties b/springboot/spring-boot-setup/src/main/properties/springboot26.properties
index 968e8a5..216d107 100644 (file)
--- a/springboot/spring-boot-setup/src/main/properties/springboot26.properties
+++ b/springboot/spring-boot-setup/src/main/properties/springboot26.properties
@@ -5,10 +5,10 @@ springboot.project.artifactId=spring-boot-26-starter-parent
 spring.version=5.3.22
 springboot.httpcomponents.core.version=4.4.15
 springboot.httpcomponents.client.version=4.5.13
-springboot.jackson.version=2.13.3
+springboot.jackson.version=2.14.0-rc1
 springboot.logback.version=1.2.11
 springboot.netty.ssl.version=2.0.50.Final
 springboot.jersey.version=2.33
 springboot.slf4j.version=1.7.36
 springboot.springfox.version=3.0.0
-springboot.tomcat.jdbc.version=9.0.58
+springboot.tomcat.jdbc.version=9.0.58
\ No newline at end of file

diff --git a/springboot/spring-boot-setup/src/main/resources/pom-template-jdk11.xml b/springboot/spring-boot-setup/src/main/resources/pom-template-jdk11.xml
index ccf67dd..eafb8f5 100644 (file)
--- a/springboot/spring-boot-setup/src/main/resources/pom-template-jdk11.xml
+++ b/springboot/spring-boot-setup/src/main/resources/pom-template-jdk11.xml
@@ -130,8 +130,8 @@
         <jersey.version>${springboot.jersey.version}</jersey.version>
         <jersey.client.version>${springboot.jersey.version}</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>${springboot.logback.version}</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>

diff --git a/springboot/spring-boot-setup/src/main/resources/pom-template-jdk8.xml b/springboot/spring-boot-setup/src/main/resources/pom-template-jdk8.xml
index 737e0cc..5f10cb0 100644 (file)
--- a/springboot/spring-boot-setup/src/main/resources/pom-template-jdk8.xml
+++ b/springboot/spring-boot-setup/src/main/resources/pom-template-jdk8.xml
@@ -130,8 +130,8 @@
         <jersey.version>${springboot.jersey.version}</jersey.version>
         <jersey.client.version>${springboot.jersey.version}</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>${springboot.logback.version}</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>

diff --git a/springboot/springboot1/pom.xml b/springboot/springboot1/pom.xml
index e56d851..69faf75 100644 (file)
--- a/springboot/springboot1/pom.xml
+++ b/springboot/springboot1/pom.xml
@@ -130,8 +130,8 @@
         <jersey.version>2.30.1</jersey.version>
         <jersey.client.version>2.30.1</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>1.2.11</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>

diff --git a/springboot/springboot23/pom.xml b/springboot/springboot23/pom.xml
index a15630e..c6e2c7f 100644 (file)
--- a/springboot/springboot23/pom.xml
+++ b/springboot/springboot23/pom.xml
@@ -130,8 +130,8 @@
         <jersey.version>2.30.1</jersey.version>
         <jersey.client.version>2.30.1</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>1.2.11</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>

diff --git a/springboot/springboot25/pom.xml b/springboot/springboot25/pom.xml
index 9b09fb8..d6ba681 100644 (file)
--- a/springboot/springboot25/pom.xml
+++ b/springboot/springboot25/pom.xml
@@ -130,8 +130,8 @@
         <jersey.version>2.33</jersey.version>
         <jersey.client.version>2.33</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>1.2.11</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>

diff --git a/springboot/springboot26/pom.xml b/springboot/springboot26/pom.xml
index 02f0428..b73a275 100644 (file)
--- a/springboot/springboot26/pom.xml
+++ b/springboot/springboot26/pom.xml
@@ -130,8 +130,8 @@
         <jersey.version>2.33</jersey.version>
         <jersey.client.version>2.33</jersey.client.version>
         <jettison.version>1.3.8</jettison.version>
-        <log4j.version>2.17.1</log4j.version>
-        <log4j2.version>2.17.1</log4j2.version>
+        <log4j.version>2.17.2</log4j.version>
+        <log4j2.version>2.17.2</log4j2.version>
         <logback.version>1.2.11</logback.version>
         <mariadb.connector.version>2.7.3</mariadb.connector.version>
         <mariadb4j.version>2.4.0</mariadb4j.version>
@@ -157,7 +157,7 @@
             <dependency>
                 <groupId>com.fasterxml.jackson</groupId>
                 <artifactId>jackson-bom</artifactId>
-                <version>2.13.3</version>
+                <version>2.14.0-rc1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>