
Commit e26d917

committed
"fixing vulnerability for jetty"
1 parent 2b59c8f commit e26d917


1 file changed

+37
-5
lines changed


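--- a/build.gradle
+++ b/build.gradle
@@ -58,16 +58,48 @@ subprojects {
 sourceCompatibility = 1.8
 targetCompatibility = 1.8
 
+// Force secure versions to fix vulnerabilities
+configurations.all {
+resolutionStrategy {
+// Use latest confirmed available Jetty 9.4.x versions
+force 'org.eclipse.jetty:jetty-server:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-servlets:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-http:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-util:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-io:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-client:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-security:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-servlet:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-webapp:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-proxy:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-continuation:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-util-ajax:9.4.56.v20240826'
+force 'org.eclipse.jetty:jetty-xml:9.4.56.v20240826'
+force 'org.eclipse.jetty.http2:http2-server:9.4.56.v20240826'
+force 'org.eclipse.jetty.http2:http2-common:9.4.56.v20240826'
+force 'org.eclipse.jetty.http2:http2-hpack:9.4.56.v20240826'
+// Latest secure versions
+force 'commons-io:commons-io:2.18.0'
+force 'net.minidev:json-smart:2.5.2'
+force 'com.jayway.jsonpath:json-path:2.9.0'
+force 'com.google.guava:guava:33.4.0-jre'
+force 'org.xmlunit:xmlunit-core:2.10.0'
+}
+
+// Exclude problematic dependencies
+exclude group: 'commons-fileupload', module: 'commons-fileupload'
+}
+
 dependencies {
 implementation('org.apache.httpcomponents:httpclient:4.5.13') {
 exclude group: 'commons-codec', module: 'commons-codec'
 }
 implementation 'commons-codec:commons-codec:1.13'
-implementation 'org.apache.commons:commons-lang3:3.12.0'
-implementation 'com.fasterxml.jackson.core:jackson-core:2.14.1'
-implementation 'com.fasterxml.jackson.core:jackson-databind:2.14.1'
-implementation 'com.fasterxml.jackson.core:jackson-annotations:2.14.1'
-api 'org.jfrog.filespecs:file-specs-java:1.1.1'
+implementation 'org.apache.commons:commons-lang3:3.18.0'
+implementation 'com.fasterxml.jackson.core:jackson-core:2.19.1'
+implementation 'com.fasterxml.jackson.core:jackson-databind:2.19.1'
+implementation 'com.fasterxml.jackson.core:jackson-annotations:2.19.1'
+api 'org.jfrog.filespecs:file-specs-java:1.1.2'
 }
 
 task sourcesJar(type: Jar, dependsOn: classes) {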
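Review bot: The `force` pins and the `exclude` added under `configurations.all` only change how this build resolves its own classpaths. If these subprojects are published as libraries (the `sourcesJar` task and the `api` dependency suggest so), consumers will presumably still resolve the Jetty, commons-io or json-smart versions that the upstream dependencies declare. Declaring the minimum versions as dependency `constraints`, or upgrading the direct dependency that brings Jetty in, would normally carry the fix into the published metadata. The `exclude group: 'commons-fileupload', module: 'commons-fileupload'` line removes that jar from every configuration of every subproject, so any transitive code that still loads its classes would fail only at runtime; confirm nothing on the classpath needs it. Neither comment names the advisory being addressed, so I would replace `// Latest secure versions` with something like `// Pinned for <ADVISORY-ID placeholder>; remove once upstream ships these versions`. The enclosing `subprojects` block starts before the hunk.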
