Fix for Security Violations

agrasth · agrasth · commit 13cf3debf57f · 2025-12-15T14:25:06.000+05:30
diff --git a/httpClient/build.gradle b/httpClient/build.gradle
@@ -8,5 +8,9 @@ repositories {
 
 dependencies {
     testImplementation group: 'org.testng', name: 'testng', version: '7.5.1'
-    testImplementation group: 'com.github.tomakehurst', name: 'wiremock-jre8', version: '2.35.0'
+    // Note: wiremock-jre8 2.35.2 is the latest version supporting Java 8.
+    // It uses Jetty 9.4.x which has CVE-2024-6763, but fixing requires Jetty 12.x
+    // which is incompatible with WireMock 2.x and requires Java 11+.
+    // Since this is test-only and doesn't affect production artifacts, the risk is accepted.
+    testImplementation group: 'com.github.tomakehurst', name: 'wiremock-jre8', version: '2.35.2'
 }
diff --git a/services/build.gradle b/services/build.gradle
@@ -15,7 +15,7 @@ dependencies {
      * https://github.com/jfrog/artifactory-client-java/issues/43
      * https://github.com/jfrog/artifactory-client-java/issues/232
      */
-    testRuntimeOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.3.15'
+    testRuntimeOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.3.16'
 }
 
 task createReleasePropertiesFile(type: Exec) {
diff --git a/services/src/main/resources/artifactory.client.release.properties b/services/src/main/resources/artifactory.client.release.properties
@@ -1 +1 @@
-version=2.21.x-SNAPSHOT
+version=2.21.1

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ dependencies {`
`15`	`15`	`* https://github.com/jfrog/artifactory-client-java/issues/43`
`16`	`16`	`* https://github.com/jfrog/artifactory-client-java/issues/232`
`17`	`17`	`*/`
`18`		`- testRuntimeOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.3.15'`
	`18`	`+ testRuntimeOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.3.16'`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`task createReleasePropertiesFile(type: Exec) {`