From 93f47c7c0c5d7f0756d0ccda68c54a4cae1bfd65 Mon Sep 17 00:00:00 2001 From: Andreas Mattes Date: Tue, 26 Mar 2024 17:25:21 +0100 Subject: [PATCH 1/2] TPRUN-7731 Jetty update to 9.4.54 - CVE-2024-22201. --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 9bd39c244d8..1f1ff7d82ee 100644 --- a/pom.xml +++ b/pom.xml @@ -162,7 +162,7 @@ 4.4.3.20230925 4.4.3.20230726 1.0-alpha-2 - 8.0.23 + 8.0.26 1.1.3 1.5.6 0.5.4 @@ -181,7 +181,7 @@ 4.5.14 1.5 2.14.0 - 9.4.53.v20231009 + 9.4.54.v20240208 4.24 1 From 146b058e0d3d6122153bf3b8f069520bb2d08c29 Mon Sep 17 00:00:00 2001 From: Andreas Mattes Date: Thu, 4 Apr 2024 12:57:26 +0200 Subject: [PATCH 2/2] TPRUN-7838 Spring/Spring security updates. CVE-2024-22257, CVE-2024-22259, CVE-2024-22243 --- .../spring/src/main/feature/feature.xml | 74 +++++++------------ .../standard/src/main/feature/feature.xml | 2 +- pom.xml | 14 ++-- 3 files changed, 36 insertions(+), 54 deletions(-) diff --git a/assemblies/features/spring/src/main/feature/feature.xml b/assemblies/features/spring/src/main/feature/feature.xml index 5a294a1861d..7917380f986 100644 --- a/assemblies/features/spring/src/main/feature/feature.xml +++ b/assemblies/features/spring/src/main/feature/feature.xml 
@@ -26,39 +26,39 @@ mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.aopalliance/${aopalliance.bundle.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-core/${spring53.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-expression/${spring53.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-beans/${spring53.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-aop/${spring53.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-context/${spring53.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-context-support/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-core/${spring53.tesb.version}$Bundle-SymbolicName=spring-core&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} + wrap:mvn:org.springframework/spring-expression/${spring53.tesb.version}$Bundle-SymbolicName=spring-expression&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} + wrap:mvn:org.springframework/spring-beans/${spring53.tesb.version}$Bundle-SymbolicName=spring-beans&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} + wrap:mvn:org.springframework/spring-aop/${spring53.tesb.version}$Bundle-SymbolicName=spring-aop&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} + wrap:mvn:org.springframework/spring-context/${spring53.tesb.version}$Bundle-SymbolicName=spring-context&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} + 
wrap:mvn:org.springframework/spring-context-support/${spring53.tesb.version}$Bundle-SymbolicName=spring-context-support&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} spring - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-aspects/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-aspects/${spring53.tesb.version}$Bundle-SymbolicName=spring-aspects&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} spring - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-instrument/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-instrument/${spring53.tesb.version}$Bundle-SymbolicName=spring-instrument&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} spring-tx - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-jdbc/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-jdbc/${spring53.tesb.version}$Bundle-SymbolicName=spring-jdbc&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} spring-tx mvn:org.apache.geronimo.specs/geronimo-jta_1.1_spec/${geronimo.jta-spec.version} mvn:org.apache.geronimo.specs/geronimo-jms_2.0_spec/${geronimo.jms2-spec.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-jms/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-jms/${spring53.tesb.version}$Bundle-SymbolicName=spring-jms&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} spring - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-messaging/${springmessaging53.tesb.version} + 
wrap:mvn:org.springframework/spring-messaging/${springmessaging53.tesb.version}$Bundle-SymbolicName=spring-messaging&Bundle-Version=${springmessaging53.tesb.version}&Export-Package=org.springframework.*;version=${springmessaging53.tesb.version} 
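Review bot: The `wrap:` URLs in this hunk set only `Bundle-SymbolicName`, `Bundle-Version` and `Export-Package`, so each wrapped Spring jar gets its imports from the wrap handler's defaults. As far as I know that default is `Import-Package: *;resolution:=optional` with no version ranges. The ServiceMix bundles being replaced presumably carried hand-maintained manifests, so a missing or mismatched dependency used to fail at feature resolution; with every import optional it would instead surface as a `NoClassDefFoundError` when the code path is first exercised. Consider adding an explicit `Import-Package` instruction to each URL that keeps `org.springframework.*` mandatory and bounded to the 5.3 line, leaving only the truly optional third-party packages as `resolution:=optional`; the exact escaping inside the URL needs checking. The same applies to the wrapped bundles in the `@@ -66,57 +66,39 @@` hunk and to `spring-security-crypto` in `assemblies/features/standard/src/main/feature/feature.xml`.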
@@ -66,57 +66,39 @@ mvn:javax.websocket/javax.websocket-api/1.1 mvn:org.apache.httpcomponents/httpcore-osgi/4.4.6 mvn:org.apache.httpcomponents/httpclient-osgi/${httpclient.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-test/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-test/${spring53.tesb.version}$Bundle-SymbolicName=spring-test&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} spring-jdbc - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-orm/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-orm/${spring53.tesb.version}$Bundle-SymbolicName=spring-orm&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} spring - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-oxm/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-oxm/${spring53.tesb.version}$Bundle-SymbolicName=spring-oxm&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} spring - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-tx/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-tx/${spring53.tesb.version}$Bundle-SymbolicName=spring-tx&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} spring mvn:javax.servlet/javax.servlet-api/3.1.0 - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-web/${spring53.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-webmvc/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-web/${spring53.tesb.version}$Bundle-SymbolicName=spring-web&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} + 
wrap:mvn:org.springframework/spring-webmvc/${spring53.tesb.version}$Bundle-SymbolicName=spring-webmvc&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} mvn:javax.websocket/javax.websocket-api/1.1 spring-web - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-websocket/${spring53.tesb.version} + wrap:mvn:org.springframework/spring-websocket/${spring53.tesb.version}$Bundle-SymbolicName=spring-websocket&Bundle-Version=${spring53.tesb.version}&Export-Package=org.springframework.*;version=${spring53.tesb.version} - - pax-web-jsp - pax-web-war - spring-jdbc - spring-tx - spring-web - mvn:javax.annotation/javax.annotation-api/${javax.annotation.version} - mvn:com.fasterxml.jackson.core/jackson-core/${jackson.tesb.version} - mvn:com.fasterxml.jackson.core/jackson-annotations/${jackson.tesb.version} - mvn:com.fasterxml.jackson.core/jackson-databind/${jackson-databind.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.aspectj/${aspectj.bundle.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-core/${spring.security56.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-config/${spring.security56.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-web/${spring.security56.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-acl/${spring.security56.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-taglibs/${spring.security56.version} - - pax-web-jsp pax-web-war 
@@ -128,11 +110,11 @@ mvn:com.fasterxml.jackson.core/jackson-annotations/${jackson.tesb.version} mvn:com.fasterxml.jackson.core/jackson-databind/${jackson-databind.tesb.version} mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.aspectj/${aspectj.bundle.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-core/${spring.security57.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-config/${spring.security57.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-web/${spring.security57.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-acl/${spring.security57.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-taglibs/${spring.security57.tesb.version} + wrap:mvn:org.springframework.security/spring-security-core/${spring.security57.tesb.version}$Bundle-SymbolicName=spring-security-core&Bundle-Version=${spring.security57.tesb.version}&Export-Package=org.springframework.*;version=${spring.security57.tesb.version} + wrap:mvn:org.springframework.security/spring-security-config/${spring.security57.tesb.version}$Bundle-SymbolicName=spring-security-config&Bundle-Version=${spring.security57.tesb.version}&Export-Package=org.springframework.*;version=${spring.security57.tesb.version} + wrap:mvn:org.springframework.security/spring-security-web/${spring.security57.tesb.version}$Bundle-SymbolicName=spring-security-web&Bundle-Version=${spring.security57.tesb.version}&Export-Package=org.springframework.*;version=${spring.security57.tesb.version} + wrap:mvn:org.springframework.security/spring-security-acl/${spring.security57.tesb.version}$Bundle-SymbolicName=spring-security-acl&Bundle-Version=${spring.security57.tesb.version}&Export-Package=org.springframework.*;version=${spring.security57.tesb.version} + 
wrap:mvn:org.springframework.security/spring-security-taglibs/${spring.security57.tesb.version}$Bundle-SymbolicName=spring-security-taglibs&Bundle-Version=${spring.security57.tesb.version}&Export-Package=org.springframework.*;version=${spring.security57.tesb.version} 
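Review bot: Nothing in the new URLs stops the Spring Security 5.7 and 5.8 bundles from wiring to each other. The 5.7 bundles here and the 5.8 bundles in the `@@ -146,11 +128,11 @@` hunk use identical symbolic names and the same wildcard `Export-Package=org.springframework.*`, and no import ranges are set. If both features end up installed in one container, the resolver could wire, for example, `spring-security-web` 5.7 to `spring-security-core` packages exported at 5.8. The `spring-security-crypto` bundle in the standard feature is also pinned to `${spring.security57.tesb.version}`, whichever line is in use. For an authentication library this silent skew is worth ruling out, either with an `Import-Package` range on `org.springframework.security.*` per line or with a comment above both features such as `<!-- spring-security 5.7 and 5.8 features are mutually exclusive; install only one -->`.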
@@ -146,11 +128,11 @@ mvn:com.fasterxml.jackson.core/jackson-annotations/${jackson.tesb.version} mvn:com.fasterxml.jackson.core/jackson-databind/${jackson-databind.tesb.version} mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.aspectj/${aspectj.bundle.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-core/${spring.security58.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-config/${spring.security58.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-web/${spring.security58.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-acl/${spring.security58.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-taglibs/${spring.security58.tesb.version} + wrap:mvn:org.springframework.security/spring-security-core/${spring.security58.tesb.version}$Bundle-SymbolicName=spring-security-core&Bundle-Version=${spring.security58.tesb.version}&Export-Package=org.springframework.*;version=${spring.security58.tesb.version} + wrap:mvn:org.springframework.security/spring-security-config/${spring.security58.tesb.version}$Bundle-SymbolicName=spring-security-config&Bundle-Version=${spring.security58.tesb.version}&Export-Package=org.springframework.*;version=${spring.security58.tesb.version} + wrap:mvn:org.springframework.security/spring-security-web/${spring.security58.tesb.version}$Bundle-SymbolicName=spring-security-web&Bundle-Version=${spring.security58.tesb.version}&Export-Package=org.springframework.*;version=${spring.security58.tesb.version} + wrap:mvn:org.springframework.security/spring-security-acl/${spring.security58.tesb.version}$Bundle-SymbolicName=spring-security-acl&Bundle-Version=${spring.security58.tesb.version}&Export-Package=org.springframework.*;version=${spring.security58.tesb.version} + 
wrap:mvn:org.springframework.security/spring-security-taglibs/${spring.security58.tesb.version}$Bundle-SymbolicName=spring-security-taglibs&Bundle-Version=${spring.security58.tesb.version}&Export-Package=org.springframework.*;version=${spring.security58.tesb.version} diff --git a/assemblies/features/standard/src/main/feature/feature.xml b/assemblies/features/standard/src/main/feature/feature.xml index 95fc0b473ae..dd4fbe7e3f1 100644 --- a/assemblies/features/standard/src/main/feature/feature.xml +++ b/assemblies/features/standard/src/main/feature/feature.xml @@ -1456,7 +1456,7 @@ org.apache.felix.eventadmin.AddSubject=true jaas mvn:org.bouncycastle/bcprov-jdk18on/${bouncycastle.tesb.version} - mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.spring-security-crypto/${spring.security57.tesb.version} + wrap:mvn:org.springframework.security/spring-security-crypto/${spring.security57.tesb.version}$Bundle-SymbolicName=spring-security-crypto&Bundle-Version=${spring.security57.tesb.version}&Export-Package=org.springframework.security.crypto.*;version=${spring.security57.tesb.version} mvn:org.apache.karaf.jaas/org.apache.karaf.jaas.spring-security-crypto/${upstream.version} diff --git a/pom.xml b/pom.xml index 1f1ff7d82ee..2c153921125 100644 --- a/pom.xml +++ b/pom.xml @@ -152,10 +152,10 @@ 4.4.3 4.4.3.20240209 - 4.4.3.20231031 + 4.4.3.20240320 4.4.3.20240209 - 4.4.3.20240209 - 4.4.3.20230915 + 4.4.3.20240320 + 4.4.3.20240101 4.4.3.20230726 4.4.3.20230915 4.4.3.20230915 @@ -168,10 +168,10 @@ 0.5.4 1.6.7 1.76 - 5.3.31_1 - 5.3.30_1 - 5.7.5_1 - 5.8.6_1 + 5.3.33 + ${spring53.tesb.version} + 5.7.12 + 5.8.11 2.16.0 ${jackson.tesb.version} 2.14.3