CVE-2016-6814 Deserialization of Untrusted Data in Groovy CVE-2020-17521 Information Disclosure in Apache Groovy (#53)

vharseko · web-flow · commit b1daf91bb99b · 2024-10-17T21:14:14.000+03:00
diff --git a/OpenICF-groovy-connector/pom.xml b/OpenICF-groovy-connector/pom.xml
@@ -248,13 +248,7 @@
                         </goals>
                     </execution>
                 </executions>
-                <dependencies>
-                    <dependency>
-                        <groupId>org.codehaus.groovy</groupId>
-                        <artifactId>groovy-all</artifactId>
-                        <version>${groovy.version}</version>
-                    </dependency>
-                </dependencies>
+
             </plugin>
             <plugin>
                 <groupId>org.apache.felix</groupId>
diff --git a/OpenICF-java-framework/connector-framework-server/pom.xml b/OpenICF-java-framework/connector-framework-server/pom.xml
@@ -21,6 +21,8 @@
  with the fields enclosed by brackets [] replaced by
  your own identifying information:
  "Portions Copyrighted [year] [name of copyright owner]"
+
+  Portions Copyrighted 2018-2024 3A Systems, LLC
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <parent>
@@ -129,7 +131,6 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>${groovy.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/OpenICF-java-framework/connector-server-grizzly/pom.xml b/OpenICF-java-framework/connector-server-grizzly/pom.xml
@@ -21,6 +21,8 @@
  with the fields enclosed by brackets [] replaced by
  your own identifying information:
  "Portions Copyrighted [year] [name of copyright owner]"
+
+  Portions Copyrighted 2018-2024 3A Systems, LLC
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <parent>
@@ -96,7 +98,6 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>${groovy.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/OpenICF-java-framework/connector-server-jetty/pom.xml b/OpenICF-java-framework/connector-server-jetty/pom.xml
@@ -83,7 +83,6 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>${groovy.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/OpenICF-java-framework/pom.xml b/OpenICF-java-framework/pom.xml
@@ -54,7 +54,6 @@
 
         <slf4j.version>1.7.36</slf4j.version>
         <logback.version>1.2.13</logback.version>
-        <groovy.version>2.4.21</groovy.version>
         <grizzly.version>2.3.35</grizzly.version>
         <protobuf-java.version>3.0.2</protobuf-java.version>
 
@@ -120,13 +119,6 @@
 
     <dependencyManagement>
         <dependencies>
-            <!-- Provided Dependencies -->
-            <dependency>
-                <groupId>org.codehaus.groovy</groupId>
-                <artifactId>groovy-all</artifactId>
-                <version>${groovy.version}</version>
-                <scope>provided</scope>
-            </dependency>
             <!-- Test Dependencies -->
             <dependency>
                 <groupId>org.openidentityplatform.openicf.framework</groupId>
diff --git a/OpenICF-kerberos-connector/pom.xml b/OpenICF-kerberos-connector/pom.xml
@@ -13,6 +13,7 @@
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2016 ForgeRock AS.
+* Portions Copyrighted 2018-2024 3A Systems, LLC
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
@@ -57,7 +58,6 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>2.4.7</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -88,13 +88,7 @@
                         </goals>
                     </execution>
                 </executions>
-                <dependencies>
-                    <dependency>
-                        <groupId>org.codehaus.groovy</groupId>
-                        <artifactId>groovy-all</artifactId>
-                        <version>${groovy.version}</version>
-                    </dependency>
-                </dependencies>
+
             </plugin>
             <plugin>
                 <groupId>org.apache.felix</groupId>
diff --git a/OpenICF-ssh-connector/pom.xml b/OpenICF-ssh-connector/pom.xml
@@ -23,6 +23,7 @@
   ~ your own identifying information:
   ~ "Portions Copyrighted [year] [name of copyright owner]"
   ~
+  ~ Portions Copyrighted 2018-2024 3A Systems, LLC
 -->
 
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
@@ -52,7 +53,6 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>2.4.7</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -110,13 +110,7 @@
                         </goals>
                     </execution>
                 </executions>
-                <dependencies>
-                    <dependency>
-                        <groupId>org.codehaus.groovy</groupId>
-                        <artifactId>groovy-all</artifactId>
-                        <version>${groovy.version}</version>
-                    </dependency>
-                </dependencies>
+
             </plugin>
             <plugin>
                 <groupId>org.apache.felix</groupId>
diff --git a/pom.xml b/pom.xml
@@ -227,6 +227,11 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+            <dependency>
+                <groupId>org.codehaus.groovy</groupId>
+                <artifactId>groovy-all</artifactId>
+                <version>2.4.21</version>
+            </dependency>
             <dependency>
                 <groupId>org.openidentityplatform.openicf.framework</groupId>
                 <artifactId>connector-framework</artifactId>
