@@ -58,6 +58,38 @@ subprojects {
5858 sourceCompatibility = 1.8
5959 targetCompatibility = 1.8
6060
61+ // Force secure versions to fix vulnerabilities
62+ configurations. all {
63+ resolutionStrategy {
64+ // Use latest confirmed available Jetty 9.4.x versions
65+ force ' org.eclipse.jetty:jetty-server:9.4.56.v20240826'
66+ force ' org.eclipse.jetty:jetty-servlets:9.4.56.v20240826'
67+ force ' org.eclipse.jetty:jetty-http:9.4.56.v20240826'
68+ force ' org.eclipse.jetty:jetty-util:9.4.56.v20240826'
69+ force ' org.eclipse.jetty:jetty-io:9.4.56.v20240826'
70+ force ' org.eclipse.jetty:jetty-client:9.4.56.v20240826'
71+ force ' org.eclipse.jetty:jetty-security:9.4.56.v20240826'
72+ force ' org.eclipse.jetty:jetty-servlet:9.4.56.v20240826'
73+ force ' org.eclipse.jetty:jetty-webapp:9.4.56.v20240826'
74+ force ' org.eclipse.jetty:jetty-proxy:9.4.56.v20240826'
75+ force ' org.eclipse.jetty:jetty-continuation:9.4.56.v20240826'
76+ force ' org.eclipse.jetty:jetty-util-ajax:9.4.56.v20240826'
77+ force ' org.eclipse.jetty:jetty-xml:9.4.56.v20240826'
78+ force ' org.eclipse.jetty.http2:http2-server:9.4.56.v20240826'
79+ force ' org.eclipse.jetty.http2:http2-common:9.4.56.v20240826'
80+ force ' org.eclipse.jetty.http2:http2-hpack:9.4.56.v20240826'
81+ // Latest secure versions
82+ force ' commons-io:commons-io:2.18.0'
83+ force ' net.minidev:json-smart:2.5.2'
84+ force ' com.jayway.jsonpath:json-path:2.9.0'
85+ force ' com.google.guava:guava:33.4.0-jre'
86+ force ' org.xmlunit:xmlunit-core:2.10.0'
87+ }
88+
89+ // Exclude problematic dependencies
90+ exclude group : ' commons-fileupload' module : ' commons-fileupload'
91+ }
92+
6193 dependencies {
6294 implementation(' org.apache.httpcomponents:httpclient:4.5.13'
6395 exclude group : ' commons-codec' module : ' commons-codec'
0 commit comments