
Commit 3927a17

authored
Issue #1510: Upgrade libraries to fix CVEs (#1513)
1 parent 0585593 commit 3927a17

9 files changed

Lines changed: 162 additions & 82 deletions


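--- a/org.restlet.ext.jackson/pom.xml
+++ b/org.restlet.ext.jackson/pom.xml
@@ -60,6 +60,16 @@
 <artifactId>jackson-module-jsonSchema</artifactId>
 <version>${lib-jackson-version}</version>
 </dependency>
+<dependency>
+<groupId>org.codehaus.woodstox</groupId>
+<artifactId>stax2-api</artifactId>
+<version>4.2.2</version>
+</dependency>
+<dependency>
+<groupId>com.fasterxml.woodstox</groupId>
+<artifactId>woodstox-core</artifactId>
+<version>7.1.1</version>
+</dependency>
 <dependency>
 <groupId>org.restlet</groupId>
 <artifactId>org.restlet</artifactId>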
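Review bot: The two added dependencies carry literal versions (`<version>4.2.2</version>` and `<version>7.1.1</version>`) while every neighbouring entry uses a root-pom property such as `${lib-jackson-version}`, so a later upgrade pass over the root properties will not see them and the pins can go stale unnoticed. Moving them to properties in the root pom.xml (for example `<lib-woodstox-version>` and `<lib-stax2-api-version>`) would keep all security-relevant versions in one place. If these artifacts are declared only to override a transitively resolved version, which is what the commit title suggests but the page does not show, a comment such as `<!-- Pinned to override the transitively resolved version (issue #1510); drop once upstream catches up -->` would tell the next maintainer why they exist. A root `<dependencyManagement>` entry would apply the pin to every module that resolves them rather than to this module alone. The same literal-version pattern appears for `commons-lang3` `3.20.0` in org.restlet.ext.velocity/pom.xml and `junit-jupiter-api` `5.14.4` in org.restlet/pom.xml.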

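--- a/org.restlet.ext.openapi/pom.xml
+++ b/org.restlet.ext.openapi/pom.xml
@@ -21,19 +21,49 @@
 <artifactId>swagger-core</artifactId>
 <version>${lib-swagger-core-version}</version>
 </dependency>
-
 <dependency>
 <groupId>io.swagger.core.v3</groupId>
 <artifactId>swagger-annotations</artifactId>
 <version>${lib-swagger-core-version}</version>
 </dependency>
-
 <dependency>
 <groupId>io.swagger.core.v3</groupId>
 <artifactId>swagger-integration</artifactId>
 <version>${lib-swagger-core-version}</version>
 </dependency>
+<dependency>
+<groupId>io.swagger.core.v3</groupId>
+<artifactId>swagger-models</artifactId>
+<version>${lib-swagger-core-version}</version>
+</dependency>
+
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-core</artifactId>
+<version>${lib-jackson-version}</version>
+</dependency>
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-annotations</artifactId>
+<version>${lib-jackson-annotations-version}</version>
+</dependency>
+<dependency>
+<groupId>com.fasterxml.jackson.dataformat</groupId>
+<artifactId>jackson-dataformat-yaml</artifactId>
+<version>${lib-jackson-version}</version>
+</dependency>
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-databind</artifactId>
+<version>${lib-jackson-version}</version>
+</dependency>
 
+<dependency>
+<groupId>io.swagger.parser.v3</groupId>
+<artifactId>swagger-parser-v3</artifactId>
+<version>${lib-swagger-parser-version}</version>
+<scope>test</scope>
+</dependency>
 <dependency>
 <groupId>org.restlet</groupId>
 <artifactId>org.restlet</artifactId>
@@ -54,6 +84,13 @@
 <scope>test</scope>
 </dependency>
 
+<dependency>
+<groupId>io.swagger.parser.v3</groupId>
+<artifactId>swagger-parser-core</artifactId>
+<version>${lib-swagger-parser-version}</version>
+<scope>test</scope>
+</dependency>
+
 <dependency>
 <groupId>io.swagger.parser.v3</groupId>
 <artifactId>swagger-parser</artifactId>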

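--- a/org.restlet.ext.openapi/src/main/java/org/restlet/ext/openapi/internal/RestletOpenApiContext.java
+++ b/org.restlet.ext.openapi/src/main/java/org/restlet/ext/openapi/internal/RestletOpenApiContext.java
@@ -11,7 +11,7 @@
 import io.swagger.v3.oas.integration.GenericOpenApiContext;
 import io.swagger.v3.oas.integration.api.OpenAPIConfiguration;
 import io.swagger.v3.oas.integration.api.OpenApiReader;
-import org.apache.commons.lang3.StringUtils;
+import org.restlet.engine.util.StringUtils;
 import org.restlet.routing.Router;
 
 public class RestletOpenApiContext extends GenericOpenApiContext<RestletOpenApiContext> {
@@ -24,14 +24,14 @@ public RestletOpenApiContext(Router router) {
 @Override
 protected OpenApiReader buildReader(OpenAPIConfiguration openApiConfiguration)
 throws Exception {
-OpenApiReader reader;
+final OpenApiReader reader;
 
-if (StringUtils.isNotBlank(openApiConfiguration.getReaderClass())) {
+if (StringUtils.isNullOrEmpty(openApiConfiguration.getReaderClass())) {
+reader = new RestletOpenApiReader();
+} else {
 Class<?> cls =
 getClass().getClassLoader().loadClass(openApiConfiguration.getReaderClass());
 reader = (OpenApiReader) cls.getDeclaredConstructor().newInstance();
-} else {
-reader = new RestletOpenApiReader();
 }
 
 if (reader instanceof RestletOpenApiReader restletOpenApiReader) {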
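Review bot: Swapping `StringUtils.isNotBlank` for `StringUtils.isNullOrEmpty` changes what happens with a whitespace-only reader class: commons-lang treated it as unset and fell back to `RestletOpenApiReader`, whereas a null-or-empty test (inferred from the helper's name, its body is not on this page) sends it to `loadClass` and fails with `ClassNotFoundException`. If the old behaviour is intended it can be kept without the dependency, using `String readerClass = openApiConfiguration.getReaderClass();` followed by `if (readerClass == null || readerClass.isBlank()) {`. The same swap in `RestletOpenApiContextBuilder.buildContext` means a whitespace-only `ctxId` is now kept instead of being replaced by `OPENAPI_CONTEXT_ID_DEFAULT`. Because the class name comes from configuration, it is also worth narrowing the type before instantiating, `loadClass(readerClass).asSubclass(OpenApiReader.class)`, so a class that is not an `OpenApiReader` is rejected before its constructor runs rather than at the cast afterwards. `buildReader` continues past the end of this hunk.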

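--- a/org.restlet.ext.openapi/src/main/java/org/restlet/ext/openapi/internal/RestletOpenApiContextBuilder.java
+++ b/org.restlet.ext.openapi/src/main/java/org/restlet/ext/openapi/internal/RestletOpenApiContextBuilder.java
@@ -12,7 +12,7 @@
 import io.swagger.v3.oas.integration.OpenApiConfigurationException;
 import io.swagger.v3.oas.integration.OpenApiContextLocator;
 import io.swagger.v3.oas.integration.api.OpenApiContext;
-import org.apache.commons.lang3.StringUtils;
+import org.restlet.engine.util.StringUtils;
 import org.restlet.routing.Router;
 
 public class RestletOpenApiContextBuilder
@@ -26,7 +26,7 @@ public RestletOpenApiContextBuilder router(Router router) {
 
 @Override
 public OpenApiContext buildContext(boolean init) throws OpenApiConfigurationException {
-if (StringUtils.isBlank(ctxId)) {
+if (StringUtils.isNullOrEmpty(ctxId)) {
 ctxId = OpenApiContext.OPENAPI_CONTEXT_ID_DEFAULT;
 }
 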

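--- a/org.restlet.ext.slf4j/pom.xml
+++ b/org.restlet.ext.slf4j/pom.xml
@@ -15,21 +15,15 @@
 <description>Support for the SLF4J logging bridge.</description>
 
 <dependencies>
-<dependency>
-<groupId>org.slf4j</groupId>
-<artifactId>slf4j-api</artifactId>
-<version>${lib-slf4j-version}</version>
-</dependency>
 <dependency>
 <groupId>org.restlet</groupId>
 <artifactId>org.restlet</artifactId>
 <version>${project.version}</version>
 </dependency>
 <dependency>
 <groupId>org.slf4j</groupId>
-<artifactId>slf4j-jdk14</artifactId>
+<artifactId>slf4j-api</artifactId>
 <version>${lib-slf4j-version}</version>
-<scope>test</scope>
 </dependency>
 <dependency>
 <groupId>org.junit.jupiter</groupId>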

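--- a/org.restlet.ext.spring/pom.xml
+++ b/org.restlet.ext.spring/pom.xml
@@ -25,6 +25,11 @@
 <artifactId>spring-context</artifactId>
 <version>${lib-spring-version}</version>
 </dependency>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-beans</artifactId>
+<version>${lib-spring-version}</version>
+</dependency>
 <dependency>
 <groupId>org.restlet</groupId>
 <artifactId>org.restlet</artifactId>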

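--- a/org.restlet.ext.velocity/pom.xml
+++ b/org.restlet.ext.velocity/pom.xml
@@ -15,6 +15,11 @@
 <description>Integration with Apache Velocity.</description>
 
 <dependencies>
+<dependency>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-lang3</artifactId>
+<version>3.20.0</version>
+</dependency>
 <dependency>
 <groupId>org.apache.velocity</groupId>
 <artifactId>velocity-engine-core</artifactId>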

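--- a/org.restlet/pom.xml
+++ b/org.restlet/pom.xml
@@ -15,73 +15,100 @@
 <description>Restlet API and Engine</description>
 
 <dependencies>
-<dependency>
-<groupId>org.eclipse.jetty</groupId>
-<artifactId>jetty-server</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty.http2</groupId>
-<artifactId>jetty-http2-server</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty</groupId>
-<artifactId>jetty-alpn-server</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty</groupId>
-<artifactId>jetty-alpn-java-server</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty.http3</groupId>
-<artifactId>jetty-http3-server</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty.quic</groupId>
-<artifactId>jetty-quic-server</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty</groupId>
-<artifactId>jetty-client</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty.http2</groupId>
-<artifactId>jetty-http2-client</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty.http2</groupId>
-<artifactId>jetty-http2-client-transport</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty.http3</groupId>
-<artifactId>jetty-http3-client</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty.http3</groupId>
-<artifactId>jetty-http3-client-transport</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
-<groupId>org.eclipse.jetty</groupId>
-<artifactId>jetty-slf4j-impl</artifactId>
-<version>${lib-jetty-version}</version>
-</dependency>
-<dependency>
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-server</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty.http2</groupId>
+<artifactId>jetty-http2-server</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-alpn-server</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-alpn-java-server</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty.http3</groupId>
+<artifactId>jetty-http3-server</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty.quic</groupId>
+<artifactId>jetty-quic-server</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-client</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty.http2</groupId>
+<artifactId>jetty-http2-client</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty.http2</groupId>
+<artifactId>jetty-http2-client-transport</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty.http3</groupId>
+<artifactId>jetty-http3-client</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty.http3</groupId>
+<artifactId>jetty-http3-client-transport</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-slf4j-impl</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-util</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-io</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-http</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty.quic</groupId>
+<artifactId>jetty-quic-client</artifactId>
+<version>${lib-jetty-version}</version>
+</dependency>
+<dependency>
 <groupId>org.osgi</groupId>
 <artifactId>org.osgi.core</artifactId>
 <version>${lib-osgi-version}</version>
 <scope>provided</scope>
 <optional>true</optional>
 </dependency>
+
+<dependency>
+<groupId>org.junit.jupiter</groupId>
+<artifactId>junit-jupiter-api</artifactId>
+<version>5.14.4</version>
+<scope>test</scope>
+</dependency>
 <dependency>
 <groupId>org.junit.jupiter</groupId>
 <artifactId>junit-jupiter-params</artifactId>
@@ -110,7 +137,9 @@
 <groups>
 <group>
 <title>Restlet API</title>
-<packages>org.restlet:org.restlet.data*:org.restlet.representation*:org.restlet.resource*:org.restlet.routing*:org.restlet.security*:org.restlet.service*:org.restlet.util*</packages>
+<packages>
+org.restlet:org.restlet.data*:org.restlet.representation*:org.restlet.resource*:org.restlet.routing*:org.restlet.security*:org.restlet.service*:org.restlet.util*
+</packages>
 </group>
 <group>
 <title>Restlet Engine</title>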

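--- a/pom.xml
+++ b/pom.xml
@@ -53,8 +53,8 @@
 <!-- dependencies -->
 <lib-freemarker-version>2.3.34</lib-freemarker-version>
 <lib-gson-version>2.14.0</lib-gson-version>
-<lib-jackson-version>2.21.4</lib-jackson-version>
-<lib-jackson-annotations-version>2.21</lib-jackson-annotations-version>
+<lib-jackson-version>2.22.0</lib-jackson-version>
+<lib-jackson-annotations-version>2.22</lib-jackson-annotations-version>
 <lib-joda-time-version>2.14.2</lib-joda-time-version>
 <lib-jetty-version>12.0.36</lib-jetty-version>
 <lib-json-version>20260522</lib-json-version>
@@ -63,8 +63,8 @@
 <lib-osgi-version>4.3.1</lib-osgi-version>
 <lib-slf4j-version>2.0.18</lib-slf4j-version>
 <lib-spring-version>7.0.8</lib-spring-version>
-<lib-swagger-core-version>2.2.50</lib-swagger-core-version>
-<lib-swagger-parser-version>2.1.43</lib-swagger-parser-version>
+<lib-swagger-core-version>2.2.52</lib-swagger-core-version>
+<lib-swagger-parser-version>2.1.45</lib-swagger-parser-version>
 <lib-thymeleaf-version>3.1.5.RELEASE</lib-thymeleaf-version>
 <lib-velocity-version>2.4.1</lib-velocity-version>
 <!-- tests -->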
