feat(jans-config-api): security issue - upgrade dependencies (#883)

* feat: pom changes for security issues * feat: security issue fix * feat: security issue fix * feat: security issue fix
JanssenProject · Feb 23, 2022 · 10568ff · 10568ff
1 parent 48a3195
commit 10568ff
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 35 deletions.
diff --git a/jans-bom/pom.xml b/jans-bom/pom.xml
@@ -643,7 +643,7 @@
 			<dependency>
 			    <groupId>org.postgresql</groupId>
 			    <artifactId>postgresql</artifactId>
-			    <version>42.2.23.jre7</version>
+			    <version>42.3.2</version>
 			</dependency>
 
 			<!-- SQL Query -->
@@ -662,7 +662,7 @@
 			<dependency>
 			    <groupId>com.google.cloud</groupId>
 			    <artifactId>google-cloud-spanner</artifactId>
-			    <version>6.17.3</version>
+			    <version>6.17.4</version>
 			</dependency>
 			<!-- Force to use latest grpc libs. We need to remove this once google-cloud-spanner will depend on grpc >= 1.43.0  -->
 			<dependency>

diff --git a/jans-config-api/common/pom.xml b/jans-config-api/common/pom.xml
@@ -25,19 +25,10 @@
 			<groupId>io.jans</groupId>
 			<artifactId>jans-config-api-shared</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>io.jans</groupId>
-			<artifactId>jans-core-util</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>io.jans</groupId>
 			<artifactId>jans-core-model</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>io.jans</groupId>
-			<artifactId>jans-auth-common</artifactId>
-		</dependency>
-
 
 		<!-- RestEasy -->
 		<dependency>
@@ -53,7 +44,6 @@
 		<dependency>
 			<groupId>javax.servlet</groupId>
 			<artifactId>javax.servlet-api</artifactId>
-			<version>3.1.0</version>
 		</dependency>
 
 	</dependencies>

diff --git a/jans-config-api/plugins/pom.xml b/jans-config-api/plugins/pom.xml
@@ -36,4 +36,17 @@
 			<scope>provided</scope>
 		</dependency>
 	</dependencies>
+
+	<build>
+		<pluginManagement>
+			<plugins>
+				<plugin>
+					<groupId>org.apache.maven.plugins</groupId>
+					<artifactId>maven-assembly-plugin</artifactId>
+					<version>3.3.0</version>
+				</plugin>
+			</plugins>
+		</pluginManagement>
+	</build>
+
 </project>
diff --git a/jans-config-api/plugins/scim-plugin/pom.xml b/jans-config-api/plugins/scim-plugin/pom.xml
@@ -187,7 +187,6 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-resources-plugin</artifactId>
-				<version>3.1.0</version>
 				<executions>
 					<execution>
 						<id>deploy-to-local-folder</id>

diff --git a/jans-config-api/pom.xml b/jans-config-api/pom.xml
@@ -23,7 +23,7 @@
 
 		<jans.version>1.0.0-SNAPSHOT</jans.version>
 		<weld.version>3.1.2.Final</weld.version>
-		<jetty.version>9.4.44.v20210927</jetty.version>
+		<jetty.version>11.0.1</jetty.version>
 		<resteasy.version>4.5.10.Final</resteasy.version>
 		<jackson.version>2.10.1</jackson.version>
 		<microprofile.version>3.0</microprofile.version>

diff --git a/jans-config-api/profiles/local/test.properties b/jans-config-api/profiles/local/test.properties
@@ -39,11 +39,11 @@ test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/con
 #test.issuer=https:// pujavs.jans.server3
 
 # jans.server1
-#token.endpoint=https://jans.server1/jans-auth/restv1/token
-#token.grant.type=client_credentials
-#test.client.id=1800.df97feac-c94e-468d-9e22-48946da45403
-#test.client.secret=OL13IYRG0IjV
-#test.issuer=https://jans.server1
+token.endpoint=https://jans.server1/jans-auth/restv1/token
+token.grant.type=client_credentials
+test.client.id=1800.d166622d-6771-4d5a-8fab-555566b20091
+test.client.secret=slkveBOhwJn5
+test.issuer=https://jans.server1
 
 # jans.server2
 #token.endpoint=https://jans.server2/jans-auth/restv1/token
@@ -60,10 +60,10 @@ test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/con
 #test.issuer=https://jans.server3
 
 # jans.server4
-token.endpoint=https://jans.server4/jans-auth/restv1/token
-token.grant.type=client_credentials
-test.client.id=1800.7e78990f-fdae-40e9-9433-4fe20645851d
-test.client.secret=GfUrIapPM71X
-test.issuer=https://jans.server4
+#token.endpoint=https://jans.server4/jans-auth/restv1/token
+#token.grant.type=client_credentials
+#test.client.id=1800.7e78990f-fdae-40e9-9433-4fe20645851d
+#test.client.secret=GfUrIapPM71X
+#test.issuer=https://jans.server4
 
 
diff --git a/jans-config-api/server/src/main/resources/log4j2.xml b/jans-config-api/server/src/main/resources/log4j2.xml
@@ -104,9 +104,11 @@
 			<AppenderRef ref="JANS_CONFIGAPI_SCRIPT_LOG_FILE" />
 		</logger>
 
-        <Root level="ERROR">
-            <AppenderRef ref="Console" />
+        <Root level="INFO">
+			<AppenderRef ref="FILE" />
+			<AppenderRef ref="STDOUT" />
         </Root>
+
     </Loggers>
 
 </Configuration>
diff --git a/jans-config-api/shared/pom.xml b/jans-config-api/shared/pom.xml
@@ -15,10 +15,6 @@
 	<dependencies>
 
 		<!-- jans -->
-		<dependency>
-			<groupId>io.jans</groupId>
-			<artifactId>jans-core-util</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>io.jans</groupId>
 			<artifactId>jans-core-model</artifactId>
@@ -35,11 +31,6 @@
 			<groupId>io.jans</groupId>
 			<artifactId>jans-core-service</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>io.jans</groupId>
-			<artifactId>jans-client-api</artifactId>
-		</dependency>
-
 
 		<!-- Weld -->
 		<dependency>