
Commit 25f61ac

VERTXLIB-54: log4j 2.23.0, testcontainers 1.19.6, commons-compress 1.26.0
Further upgrades for Quesnelia: Upgrade log4j from 2.22.1 to 2.23.0. Upgrade testcontainers from 1.19.5 to 1.19.6. Upgrade commons-compress from 1.24.0 to 1.26.0, fixing https://nvd.nist.gov/vuln/detail/CVE-2024-25710 and https://nvd.nist.gov/vuln/detail/CVE-2024-26308; see testcontainers/testcontainers-java#8354
1 parent 5dbdb76 commit 25f61ac


3 files changed

+37
-2
lines changed


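--- a/core/pom.xml
+++ b/core/pom.xml
@@ -132,6 +132,18 @@
 <artifactId>junit-jupiter</artifactId>
 <scope>test</scope>
 </dependency>
+<!--
+remove commons-compress dependency when testcontainers
+comes with commons-compress >= 1.26.0 fixing
+https://nvd.nist.gov/vuln/detail/CVE-2024-25710
+https://nvd.nist.gov/vuln/detail/CVE-2024-26308
+see https://github.com/testcontainers/testcontainers-java/pull/8354
+-->
+<dependency>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-compress</artifactId>
+<scope>test</scope>
+</dependency>
 </dependencies>
 
 <build>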
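Review bot: The test-scoped `commons-compress` declaration added at new lines 142–146 looks redundant inside this build, and its scope deserves a check. The root `pom.xml` in this commit already manages the version at 1.26.0, and Maven applies managed versions to transitive dependencies, so the copy pulled in by testcontainers should resolve to 1.26.0 without a direct declaration here. A direct `<scope>test</scope>` entry also takes precedence over transitive paths, so if another dependency of core brings commons-compress in at compile or runtime scope (not visible from this hunk), it would likely drop off the runtime classpath. Comparing `mvn dependency:tree -Dincludes=org.apache.commons:commons-compress` with and without the block would settle it; if the block stays, the comment could say why, e.g. `<!-- declared directly so the fixed version wins mediation; version comes from the parent's dependencyManagement -->`.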

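--- a/pg-testing/pom.xml
+++ b/pg-testing/pom.xml
@@ -17,6 +17,17 @@
 <groupId>org.testcontainers</groupId>
 <artifactId>postgresql</artifactId>
 </dependency>
+<!--
+remove commons-compress dependency when testcontainers
+comes with commons-compress >= 1.26.0 fixing
+https://nvd.nist.gov/vuln/detail/CVE-2024-25710
+https://nvd.nist.gov/vuln/detail/CVE-2024-26308
+see https://github.com/testcontainers/testcontainers-java/pull/8354
+-->
+<dependency>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-compress</artifactId>
+</dependency>
 <!-- Test dependencies -->
 <dependency>
 <groupId>org.junit.jupiter</groupId>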
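Review bot: The `commons-compress` dependency added at new lines 27–30 carries no `<scope>`, so it is compile scope and becomes part of the dependency tree that pg-testing publishes, and the comment above it does not say whether that is intended. It is placed above the `<!-- Test dependencies -->` marker, which suggests the intent is to hand the fixed version to consumers of pg-testing, since the parent's `dependencyManagement` pin is not inherited by projects that merely depend on this artifact. Saying so in the comment would keep the block from later being removed as redundant, for example `<!-- declared directly so that consumers of pg-testing resolve commons-compress >= 1.26.0; the parent's dependencyManagement does not reach them -->`.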

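--- a/pom.xml
+++ b/pom.xml
@@ -42,7 +42,7 @@
 <dependency>
 <groupId>org.apache.logging.log4j</groupId>
 <artifactId>log4j-bom</artifactId>
-<version>2.22.1</version>
+<version>2.23.0</version>
 <type>pom</type>
 <scope>import</scope>
 </dependency>
@@ -103,10 +103,22 @@
 <dependency>
 <groupId>org.testcontainers</groupId>
 <artifactId>testcontainers-bom</artifactId>
-<version>1.19.5</version>
+<version>1.19.6</version>
 <type>pom</type>
 <scope>import</scope>
 </dependency>
+<!--
+remove commons-compress dependency when testcontainers
+comes with commons-compress >= 1.26.0 fixing
+https://nvd.nist.gov/vuln/detail/CVE-2024-25710
+https://nvd.nist.gov/vuln/detail/CVE-2024-26308
+see https://github.com/testcontainers/testcontainers-java/pull/8354
+-->
+<dependency>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-compress</artifactId>
+<version>1.26.0</version>
+</dependency>
 </dependencies>
 </dependencyManagement>
 <build>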
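Review bot: The managed `commons-compress` entry added at new lines 117–121 is a hard pin in both directions, and only the comment above it guards against it going stale. Maven applies a `dependencyManagement` version to every transitive occurrence, so once testcontainers ships a commons-compress newer than 1.26.0 this entry would hold the build at 1.26.0 and could mask later fixes. Tying the reminder to something that gets checked would help, for instance a tracking reference in the comment such as `<!-- TODO(ISSUE-ID placeholder): remove once testcontainers ships commons-compress >= 1.26.0 -->`, or a dependency-update report in CI that flags managed versions older than what the BOM's artifacts request.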
