Implement OWASP Dependency Check for selected webapps (BUILD-373)

[BUILD-377] Manage three last libraries in dx-core CVE report Created: 18/Mar/20  Updated: 12/Feb/21  Resolved: 21/Mar/20

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: BOM 6.2

Type: Sub-task Priority: Neutral
Reporter: Dai Ha Assignee: Dai Ha
Resolution: Fixed Votes: 0
Labels: security
Remaining Estimate: 0d
Time Spent: 0.75d
Original Estimate: Not Specified

Issue Links:
Cloners
is cloned by MGNLEE-601 DX Core - Manage three last libraries... Closed
Relates
relates to MGNLCE-222 CE - Manage three last libraries in d... Closed
relates to MGNLEE-600 Align jBPM version in magnolia dx cor... Closed
Template:
Sprint: 6.2 Ramp-up 19, 6.2 Ramp-up 20

Description

commons-collections-3.1.jar

  • via org.apache:jackrabbit-ocm:jar:2.0.0 (not maintained)
  • check whether any transitive commons-collections >= 3.2.2 is dragged in; otherwise manage the version in the boms & sync with jackrabbit
    • other jackrabbit libs bring 3.2.2 => exclude it from ocm to make sure we don't conflict
  • re-check that workflow is functional

slf4j-ext-1.7.25

  • exclude in org.testcontainers:testcontainers
  • manage in pom, sync the version with current/other slf4j libs (1.7.30)
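The commons-collections and slf4j-ext steps above, written out as a Maven POM fragment (an added illustration, not the project's actual BOM or pom.xml). The jackrabbit-ocm and testcontainers coordinates are taken as listed in this ticket; `commons-collections:commons-collections` and `org.slf4j:slf4j-ext` are the standard Maven Central coordinates for those artifacts.

```xml
<!-- Added illustration, not Magnolia's own BOM. jackrabbit-ocm and testcontainers
     coordinates are as listed in the ticket; the rest are standard Maven Central
     coordinates for the artifacts named there. -->
<project>
  <!-- BOM side: pin the patched versions so every module inherits them -->
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>commons-collections</groupId>
        <artifactId>commons-collections</artifactId>
        <version>3.2.2</version> <!-- same version the other jackrabbit libs bring -->
      </dependency>
      <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-ext</artifactId>
        <version>1.7.30</version> <!-- aligned with the current slf4j libs -->
      </dependency>
    </dependencies>
  </dependencyManagement>

  <!-- consuming module: cut the stale transitives so the managed versions win -->
  <dependencies>
    <dependency>
      <groupId>org.apache</groupId> <!-- groupId as listed in the ticket -->
      <artifactId>jackrabbit-ocm</artifactId>
      <version>2.0.0</version>
      <exclusions>
        <exclusion>
          <groupId>commons-collections</groupId>
          <artifactId>commons-collections</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>org.testcontainers</groupId>
      <artifactId>testcontainers</artifactId>
      <scope>test</scope> <!-- version assumed to come from dependencyManagement -->
      <exclusions>
        <exclusion>
          <groupId>org.slf4j</groupId>
          <artifactId>slf4j-ext</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
  </dependencies>
</project>
```

After the change, `mvn dependency:tree -Dincludes=commons-collections,org.slf4j:slf4j-ext` should show only 3.2.2 and 1.7.30, which is the check to run before re-testing workflow.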

groovy-all-2.2.1.jar

  • manage in boms, same version with groovy group
  • upgrade in magnolia-dx-core-integration-tests

postgresql-42.1.4.jre7.jar: notified cloud teams.

