From 3e21e5aaaf1d8e65b91ec052c60ed70993a4ae76 Mon Sep 17 00:00:00 2001 From: YANGDB Date: Wed, 4 Jan 2023 12:31:54 -0800 Subject: [PATCH 1/2] patch CVE and sync versioning (#44) patch CVE related versioning upgrades sync build version number update TLSServer as subject to CVE patch upgrade Signed-off-by: YANGDB --- build.gradle | 8 ++++---- src/main/java/org/opensearch/jdbc/internal/Version.java | 2 +- src/test/java/org/opensearch/jdbc/test/TLSServer.java | 4 +--- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/build.gradle b/build.gradle index dba2ea8..74e3f17 100644 --- a/build.gradle +++ b/build.gradle @@ -25,7 +25,7 @@ plugins { group 'org.opensearch.driver' // keep version in sync with version in Driver source -version '2.0.0.0' +version '1.2.0.0' boolean snapshot = "true".equals(System.getProperty("build.snapshot", "false")); if (snapshot) { @@ -47,16 +47,16 @@ repositories { dependencies { implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.13' - implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: "2.13.3" + implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: "2.13.4.2" implementation group: 'com.amazonaws', name: 'aws-java-sdk-core', version: '1.11.452' testImplementation('org.junit.jupiter:junit-jupiter-api:5.3.1') testImplementation('org.junit.jupiter:junit-jupiter-params:5.3.1') - testImplementation('com.github.tomakehurst:wiremock:2.27.2') + testImplementation('com.github.tomakehurst:wiremock-jre8-standalone:2.34.0') testImplementation('org.mockito:mockito-core:2.23.0') testImplementation('org.junit.jupiter:junit-jupiter-engine:5.3.1') testImplementation('org.junit-pioneer:junit-pioneer:0.3.0') - testImplementation('org.eclipse.jetty:jetty-server:9.2.24.v20180105') + testImplementation('org.eclipse.jetty:jetty-server:9.4.48.v20220622') // Enforce wiremock to use latest guava and json-smart testImplementation('com.google.guava:guava:31.1-jre') diff --git a/src/main/java/org/opensearch/jdbc/internal/Version.java b/src/main/java/org/opensearch/jdbc/internal/Version.java index 977e743..4beaaad 100644 --- a/src/main/java/org/opensearch/jdbc/internal/Version.java +++ b/src/main/java/org/opensearch/jdbc/internal/Version.java @@ -9,7 +9,7 @@ public enum Version { // keep this in sync with the gradle version - Current(1, 0, 0, 0); + Current(1, 2, 0, 0); private int major; private int minor; diff --git a/src/test/java/org/opensearch/jdbc/test/TLSServer.java b/src/test/java/org/opensearch/jdbc/test/TLSServer.java index cb57fdb..1bd7cb8 100644 --- a/src/test/java/org/opensearch/jdbc/test/TLSServer.java +++ b/src/test/java/org/opensearch/jdbc/test/TLSServer.java @@ -70,7 +70,7 @@ public static Server startSecureServer( ServerConnector httpsConnector = null; // setup ssl - SslContextFactory sslContextFactory = new SslContextFactory(); + SslContextFactory.Server sslContextFactory = new SslContextFactory.Server(); sslContextFactory.setKeyStorePath(keyStorePath); sslContextFactory.setKeyStorePassword(keyStorePassword); sslContextFactory.setKeyStoreType(keyStoreType); @@ -132,8 +132,6 @@ private static ServerConnector createServerConnector( connectionFactories ); connector.setPort(port); - connector.setStopTimeout(0); - connector.getSelectorManager().setStopTimeout(0); connector.setHost(bindAddress); return connector; From 567fb1558cbac3e4c3704b23d1bc8f5c804e8022 Mon Sep 17 00:00:00 2001 From: "mend-for-github.aaakk.us.kg[bot]" <50673670+mend-for-github.aaakk.us.kg[bot]@users.noreply.github.com> Date: Wed, 4 Jan 2023 12:38:42 -0800 Subject: [PATCH 2/2] Update dependency com.amazonaws:aws-java-sdk-core to v1.12.1 (#10) Co-authored-by: mend-for-github.aaakk.us.kg[bot] <50673670+mend-for-github.aaakk.us.kg[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 74e3f17..8333aec 100644 --- a/build.gradle +++ b/build.gradle @@ -48,7 +48,7 @@ repositories { dependencies { implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.13' implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: "2.13.4.2" - implementation group: 'com.amazonaws', name: 'aws-java-sdk-core', version: '1.11.452' + implementation group: 'com.amazonaws', name: 'aws-java-sdk-core', version: '1.12.1' testImplementation('org.junit.jupiter:junit-jupiter-api:5.3.1') testImplementation('org.junit.jupiter:junit-jupiter-params:5.3.1')