Addresses CVE-2023-0833 okhttp3

Had to go through a number of changes to get this all correct. The versions of anything from squareup need to be correct, but that also ended up needing Bouncy Castle for some of the tests as well. Signed-off-by: Jason Porter <[email protected]>
kiegroup · Feb 21, 2025 · 7b15e2e · 7b15e2e
1 parent 3f4f37b
commit 7b15e2e
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -109,6 +109,12 @@
     <version.org.jboss.marshalling.api>1.2.3.GA</version.org.jboss.marshalling.api>
     <!-- Version 2.0.1.Final which is coming from kie-parent is not compatible with dashbuilder-validator module -->
     <version.javax.validation>1.0.0.GA</version.javax.validation>
+
+    <!-- Mock server testing later in the stack -->
+    <!-- Add this to match other versions of okhttp3 and okio used elsewhere -->
+    <version.com.squareup.okhttp3>4.12.0</version.com.squareup.okhttp3>
+    <version.com.squareup.okio>3.6.0</version.com.squareup.okio>
+    <version.org.bouncycastle>1.78.1</version.org.bouncycastle>
   </properties>
 
   <repositories>
@@ -1052,6 +1058,51 @@
         <scope>test</scope>
       </dependency>
 
+      <dependency>
+        <groupId>com.squareup.okhttp3</groupId>
+        <artifactId>okhttp</artifactId>
+        <version>${version.com.squareup.okhttp3}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>com.squareup.okhttp3</groupId>
+        <artifactId>logging-interceptor</artifactId>
+        <version>${version.com.squareup.okhttp3}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>com.squareup.okio</groupId>
+        <artifactId>okio</artifactId>
+        <version>${version.com.squareup.okio}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>com.squareup.okhttp3</groupId>
+        <artifactId>mockwebserver</artifactId>
+        <version>${version.com.squareup.okhttp3}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcprov-jdk15to18</artifactId>
+        <version>${version.org.bouncycastle}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcpkix-jdk15to18</artifactId>
+        <version>${version.org.bouncycastle}</version>
+        <scope>test</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.bouncycastle</groupId>
+        <artifactId>bcpg-jdk15to18</artifactId>
+        <version>${version.org.bouncycastle}</version>
+        <scope>test</scope>
+      </dependency>
+
+
+
 
       <!-- ARQUILLIAN -->
 

diff --git a/uberfire-nio2-backport/uberfire-nio2-impls/uberfire-nio2-k8s/pom.xml b/uberfire-nio2-backport/uberfire-nio2-impls/uberfire-nio2-k8s/pom.xml
@@ -138,6 +138,26 @@
       <artifactId>logback-classic</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>com.squareup.okhttp3</groupId>
+      <artifactId>mockwebserver</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15to18</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpkix-jdk15to18</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpg-jdk15to18</artifactId>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
   <build>
     <plugins>