From 3c4d5db048c2b7c5a0f30d0f3f92b15ebf241a6c Mon Sep 17 00:00:00 2001 From: Charles Singleton Date: Wed, 7 Aug 2024 14:52:18 -0400 Subject: [PATCH 1/2] [PPP-4784] Vulnerable Component: groovy - Update groovy minor version to 2.4.21 to address CVE-2020-17521 JIRA: https://hv-eng.atlassian.net/browse/PPP-4784 --- assemblies/psw-ce/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assemblies/psw-ce/pom.xml b/assemblies/psw-ce/pom.xml index b4fd41adcf..77c5ae6e21 100644 --- a/assemblies/psw-ce/pom.xml +++ b/assemblies/psw-ce/pom.xml @@ -16,7 +16,7 @@ 1.0 10.3.0.0-SNAPSHOT - 2.4.8 + 2.4.21 10.3.0.0-SNAPSHOT 10.3.0.0-SNAPSHOT 1.19.1 From 63ebc1a6f0744f2d87361050a0b9fe7017ba207a Mon Sep 17 00:00:00 2001 From: Charles Singleton Date: Wed, 7 Aug 2024 15:04:56 -0400 Subject: [PATCH 2/2] Update pom.xml include exclusion for all groovy transitive dependencies to avoid associated vulnerabilities --- assemblies/psw-ce/pom.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/assemblies/psw-ce/pom.xml b/assemblies/psw-ce/pom.xml index 77c5ae6e21..4ccedc1693 100644 --- a/assemblies/psw-ce/pom.xml +++ b/assemblies/psw-ce/pom.xml @@ -184,6 +184,12 @@ org.codehaus.groovy groovy-all ${dependency.groovy-all.revision} + + + * + * + + com.sun.jersey
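Review bot: The wildcard exclusion added under the groovy-all dependency in patch 2/2 (the six `+` lines; the `*` / `*` pair is presumably groupId/artifactId, since the XML tags are not visible on this page) is undocumented and broader than the commit message's stated goal. It drops every transitive dependency that groovy-all declares, including any needed at runtime, and it only covers this one dependency path, so the same artifacts can still reach the assembly through another dependency. I would add an XML comment above the exclusions naming what motivated them, e.g. `<!-- exclude groovy-all transitives flagged by the component scan (<ticket>): <artifact list> -->`, and prefer listing those artifacts explicitly over `*`. Before merging, check the `mvn dependency:tree` output for this assembly to confirm the flagged artifacts are gone and that Groovy-backed features still load; wildcard exclusions also need Maven 3.2.1 or later. The enclosing dependency element opens above the hunk and closes below it.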