From d5340a4197cc6ddfef22e888f3a14b5e2d06851b Mon Sep 17 00:00:00 2001
From: Andriy Redko
Date: Fri, 15 Sep 2023 15:27:08 -0400
Subject: [PATCH] Fix for CVE-2976 + add CVE checker (#624) (#625)
* Fix for CVE-2976 + add CVE checker
Signed-off-by: Omar Khasawneh
* Updated Changelog
Signed-off-by: Omar Khasawneh
---------
Signed-off-by: Omar Khasawneh
(cherry picked from commit d09bb4eea03b4dd71232c84df8e7ffaa448b8faf)
Co-authored-by: Omar Khasawneh
---
 CHANGELOG.md | 1 +
 java-client/build.gradle.kts | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5185d1f4b2..77981d5a68 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Fix PutMappingRequest by removing unsupported fields ([#597](https://github.com/opensearch-project/opensearch-java/pull/597))
 - [BUG] JarHell caused by latest software.amazon.awssdk 2.20.141 ([#616](https://github.com/opensearch-project/opensearch-java/pull/616))
 - Don't over-allocate in HeapBufferedAsyncEntityConsumer in order to consume the response ([#620](https://github.com/opensearch-project/opensearch-java/pull/620))
+- Fixed CVE-2976 + added CVE checker ([#624](https://github.com/opensearch-project/opensearch-java/pull/624))
 ### Security
diff --git a/java-client/build.gradle.kts b/java-client/build.gradle.kts
index 97b9058993..68b8ace30d 100644
--- a/java-client/build.gradle.kts
+++ b/java-client/build.gradle.kts
@@ -49,8 +49,11 @@ plugins {
 checkstyle
 `maven-publish`
 id("com.github.jk1.dependency-license-report") version "2.5"
+ id("org.owasp.dependencycheck") version "8.4.0"
 }
+apply(plugin = "org.owasp.dependencycheck")
+
 configurations {
 all {
 exclude(group = "software.amazon.awssdk", module = "third-party-jackson-core")
@@ -58,7 +61,7 @@ configurations {
 }
 checkstyle {
- toolVersion = "10.0"
+ toolVersion = "10.12.3"
 }
 java {
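Review bot: The dependency-check plugin is added in the `plugins { }` hunk of java-client/build.gradle.kts with no `dependencyCheck { … }` configuration visible, so as far as this hunk shows the scan only runs when someone invokes its task by hand and a finding never fails the build. Setting a threshold, for example `dependencyCheck { failBuildOnCVSS = 7.0f }` (value illustrative), and running `dependencyCheckAnalyze` in CI would make the checker an actual gate; such configuration may exist elsewhere in the file, outside this hunk. The `apply(plugin = "org.owasp.dependencycheck")` line is redundant, since `id("org.owasp.dependencycheck") version "8.4.0"` inside `plugins { }` already applies the plugin. The `toolVersion = "10.12.3"` bump in the following hunk is presumably the actual remediation, and a one-line comment there naming the full CVE identifier (including its year, which "CVE-2976" omits) would keep a later downgrade from silently reintroducing the issue.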