From 7b15e2e7ca95dff9583dab848e6863b711192eab Mon Sep 17 00:00:00 2001 From: Jason Porter Date: Fri, 21 Feb 2025 13:11:21 -0700 Subject: [PATCH] Addresses CVE-2023-0833 okhttp3 Had to go through a number of changes to get this all correct. The versions of anything from squareup need to be correct, but that also ended up needing Bouncy Castle for some of the tests as well. Signed-off-by: Jason Porter --- pom.xml | 51 +++++++++++++++++++ .../uberfire-nio2-k8s/pom.xml | 20 ++++++++ 2 files changed, 71 insertions(+) diff --git a/pom.xml b/pom.xml index 1398314226..48400ea331 100644 --- a/pom.xml +++ b/pom.xml @@ -109,6 +109,12 @@ 1.2.3.GA 1.0.0.GA + + + + 4.12.0 + 3.6.0 + 1.78.1 @@ -1052,6 +1058,51 @@ test + + com.squareup.okhttp3 + okhttp + ${version.com.squareup.okhttp3} + test + + + com.squareup.okhttp3 + logging-interceptor + ${version.com.squareup.okhttp3} + test + + + com.squareup.okio + okio + ${version.com.squareup.okio} + test + + + com.squareup.okhttp3 + mockwebserver + ${version.com.squareup.okhttp3} + test + + + org.bouncycastle + bcprov-jdk15to18 + ${version.org.bouncycastle} + test + + + org.bouncycastle + bcpkix-jdk15to18 + ${version.org.bouncycastle} + test + + + org.bouncycastle + bcpg-jdk15to18 + ${version.org.bouncycastle} + test + + + + diff --git a/uberfire-nio2-backport/uberfire-nio2-impls/uberfire-nio2-k8s/pom.xml b/uberfire-nio2-backport/uberfire-nio2-impls/uberfire-nio2-k8s/pom.xml index 2569c1240b..6a44075c1d 100644 --- a/uberfire-nio2-backport/uberfire-nio2-impls/uberfire-nio2-k8s/pom.xml +++ b/uberfire-nio2-backport/uberfire-nio2-impls/uberfire-nio2-k8s/pom.xml @@ -138,6 +138,26 @@ logback-classic test + + com.squareup.okhttp3 + mockwebserver + test + + + org.bouncycastle + bcprov-jdk15to18 + test + + + org.bouncycastle + bcpkix-jdk15to18 + test + + + org.bouncycastle + bcpg-jdk15to18 + test +