diff options
| author |   JvD_Ericsson <jeff.van.dam@est.tech> | 2023-10-10 13:35:20 +0100 |
|---|---|---|
| committer | JEFF VAN DAM <jeff.van.dam@est.tech> | 2023-10-12 12:17:35 +0000 |
| commit | b2bfa0ea4eda5867d9fec8edc1e8ca11e648f194 (patch) | |
| tree | 757bec5d5e6e9a03133230c2827553e01c93556e | |
| parent | d1864800b7b4f320d469e053921035bf98da7d72 (diff) | |
Upgrade vunerable depenecncies
can't upgrade springframework to 6.0.12
since 6.0.12 requires java 17
Issue-ID: SDC-4653
Signed-off-by: JvD_Ericsson <jeff.van.dam@est.tech>
Change-Id: I041fb124472b6385d50877d25cb989303f3dbb08
| -rw-r--r-- | .readthedocs.yaml | 5 | ||||
| -rw-r--r-- | pom.xml | 2 | ||||
| -rw-r--r-- | sdc-workflow-designer-be/pom.xml | 4 | ||||
| -rw-r--r-- | sdc-workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java | 32 |
4 files changed, 23 insertions, 20 deletions
diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 3797dc8b..e442ca78 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -9,10 +9,11 @@ formats: - htmlzip build: - image: latest + os: ubuntu-20.04 + tools: + python: "3.8" python: - version: 3.7 install: - requirements: docs/requirements-docs.txt @@ -53,7 +53,7 @@ <build-helper-maven-plugin.version>3.3.0</build-helper-maven-plugin.version> <docker.api.version>1.41</docker.api.version> <checkstyle.skip>true</checkstyle.skip> - <jetty.version>9.4.49.v20220914</jetty.version> + <jetty.version>10.0.16</jetty.version> </properties> <parent> diff --git a/sdc-workflow-designer-be/pom.xml b/sdc-workflow-designer-be/pom.xml index 7e2d39c0..e3b29938 100644 --- a/sdc-workflow-designer-be/pom.xml +++ b/sdc-workflow-designer-be/pom.xml @@ -15,7 +15,7 @@ <properties> <spring.boot.version>2.2.13.RELEASE</spring.boot.version> - <org.springframework.version>5.2.23.RELEASE</org.springframework.version> + <org.springframework.version>5.3.30</org.springframework.version> <mapstruct.version>1.5.3.Final</mapstruct.version> <lombok.version>1.18.26</lombok.version> <springfox.version>3.0.0</springfox.version> @@ -51,7 +51,7 @@ <dependency> <groupId>org.codehaus.janino</groupId> <artifactId>janino</artifactId> - <version>3.0.16</version> + <version>3.1.10</version> <scope>runtime</scope> </dependency> <dependency> diff --git a/sdc-workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java b/sdc-workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java index 775706d2..91d456d1 100644 --- a/sdc-workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java +++ b/sdc-workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java @@ -22,21 +22,23 @@ package org.onap.workflow.web; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Enumeration; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.eclipse.jetty.client.HttpClient; import org.eclipse.jetty.client.api.Request; +import org.eclipse.jetty.client.dynamic.HttpClientTransportDynamic; +import org.eclipse.jetty.http.HttpFields; import org.eclipse.jetty.http.HttpHeader; import org.eclipse.jetty.http.HttpScheme; +import org.eclipse.jetty.io.ClientConnector; import org.eclipse.jetty.proxy.ProxyServlet; import org.eclipse.jetty.util.URIUtil; import org.eclipse.jetty.util.ssl.SslContextFactory; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.Enumeration; - /*** * Class that provides the proxy implementation for both secured and unsecured backend connections. @@ -85,8 +87,9 @@ public class SSLProxyServlet extends ProxyServlet { private void initProxyUrl() throws ServletException, MalformedURLException { - if (SSLProxyServlet.proxyUrl != null) + if (SSLProxyServlet.proxyUrl != null) { return; + } String proxyUrlStr = System.getProperty(PROXY_TO); if (proxyUrlStr == null) { throw new ServletException("-D" + PROXY_TO + " must be specified"); @@ -113,12 +116,12 @@ public class SSLProxyServlet extends ProxyServlet { Enumeration<String> headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { String headerName = headerNames.nextElement(); - if (!proxyRequest.getHeaders().containsKey(headerName)) { + if (!proxyRequest.getHeaders().contains(headerName)) { String headerVal = request.getHeader(headerName); proxyRequest.header(headerName, headerVal); } } - proxyRequest.getHeaders().remove(HttpHeader.HOST); + ((HttpFields.Mutable) proxyRequest.getHeaders()).remove(HttpHeader.HOST); super.sendProxyRequest(request, response, proxyRequest); } @@ -131,7 +134,7 @@ public class SSLProxyServlet extends ProxyServlet { proxyUrl.getProtocol().equalsIgnoreCase(HttpScheme.HTTPS.toString())); if ((isSecureClient)) { String trustAll = System.getProperty(TRUST_ALL); - SslContextFactory sslContextFactory = null; + SslContextFactory.Client sslContextFactory = null; if (trustAll != null && Boolean.parseBoolean(trustAll) == Boolean.TRUE) { sslContextFactory = new SslContextFactory.Client(true); } else { @@ -157,8 +160,9 @@ public class SSLProxyServlet extends ProxyServlet { sslContextFactory.setIncludeCipherSuites(System.getProperty(KEYSTORE_CYPHER)); } } - - return new HttpClient(sslContextFactory); + ClientConnector clientConnector = new ClientConnector(); + clientConnector.setSslContextFactory(sslContextFactory); + return new HttpClient(new HttpClientTransportDynamic(clientConnector)); } else { return super.newHttpClient(); @@ -178,7 +182,6 @@ public class SSLProxyServlet extends ProxyServlet { HttpClient client = super.createHttpClient(); setTimeout(TIMEOUT); client.setIdleTimeout(TIMEOUT); - client.setStopTimeout(TIMEOUT); if (System.getProperty(MAX_POOL_CONNECTIONS) != null) { client.setMaxConnectionsPerDestination( Integer.valueOf(System.getProperty(MAX_POOL_CONNECTIONS))); @@ -188,7 +191,6 @@ public class SSLProxyServlet extends ProxyServlet { } - @Override protected String rewriteTarget(HttpServletRequest request) { |