[BUG] XXE Injection Levels Don't Work #620
Comments
Closed
markdenihan
pushed a commit
that referenced
this issue
May 16, 2022
…rifying fixes (#638) * publish to OWASP DockerHub * update readme to point to owasp shepherd * closes issue #620 * closes issue #622 * closes issue #624 * removing unused import * fixing linting issue * fixing some weirdness when running on docker where key doesn't get displayed properly * Bump fongo from 2.0.6 to 2.1.1 Bumps [fongo](https://github.com/fakemongo/fongo) from 2.0.6 to 2.1.1. - [Release notes](https://github.com/fakemongo/fongo/releases) - [Changelog](https://github.com/fakemongo/fongo/blob/master/CHANGELOG) - [Commits](fakemongo/fongo@fongo-2.0.6...fongo-2.1.1) --- updated-dependencies: - dependency-name: com.github.fakemongo:fongo dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump argon2-jvm from 2.2 to 2.11 Bumps [argon2-jvm](https://github.com/phxql/argon2-jvm) from 2.2 to 2.11. - [Release notes](https://github.com/phxql/argon2-jvm/releases) - [Changelog](https://github.com/phxql/argon2-jvm/blob/master/CHANGELOG.md) - [Commits](phxql/argon2-jvm@v2.2...v2.11) --- updated-dependencies: - dependency-name: de.mkammerer:argon2-jvm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-context from 5.1.1.RELEASE to 5.3.19 Bumps [spring-context](https://github.com/spring-projects/spring-framework) from 5.1.1.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.1.1.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-context dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-web from 5.3.16 to 5.3.19 Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 5.3.16 to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.16...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump encoder from 1.2.1 to 1.2.3 Bumps [encoder](https://github.com/owasp/owasp-java-encoder) from 1.2.1 to 1.2.3. - [Release notes](https://github.com/owasp/owasp-java-encoder/releases) - [Commits](OWASP/owasp-java-encoder@v1.2.1...v1.2.3) --- updated-dependencies: - dependency-name: org.owasp.encoder:encoder dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump junit-jupiter-engine from 5.0.1 to 5.8.2 Bumps [junit-jupiter-engine](https://github.com/junit-team/junit5) from 5.0.1 to 5.8.2. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](junit-team/junit5@r5.0.1...r5.8.2) --- updated-dependencies: - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mongo-java-driver from 3.4.1 to 3.12.10 Bumps [mongo-java-driver](https://github.com/mongodb/mongo-java-driver) from 3.4.1 to 3.12.10. - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r3.4.1...r3.12.10) --- updated-dependencies: - dependency-name: org.mongodb:mongo-java-driver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fixing issue where csrf two and three crossover * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.3.3 Bumps spring-data-mongodb from 2.1.1.RELEASE to 3.3.3. --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump maven-compiler-plugin from 3.8.1 to 3.10.1 Bumps [maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.8.1 to 3.10.1. - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.8.1...maven-compiler-plugin-3.10.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Conforming to the way xxe challenge 1 is set up * cheats for xxe levels * fixing lint issue * Bump properties-maven-plugin from 1.0.0 to 1.1.0 Bumps [properties-maven-plugin](https://github.com/mojohaus/properties-maven-plugin) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/mojohaus/properties-maven-plugin/releases) - [Commits](mojohaus/properties-maven-plugin@properties-maven-plugin-1.0.0...properties-maven-plugin-1.1.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:properties-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump json from 20211205 to 20220320 Bumps [json](https://github.com/douglascrockford/JSON-java) from 20211205 to 20220320. - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md) - [Commits](https://github.com/douglascrockford/JSON-java/commits) --- updated-dependencies: - dependency-name: org.json:json dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-test from 5.0.7.RELEASE to 5.3.19 Bumps [spring-test](https://github.com/spring-projects/spring-framework) from 5.0.7.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.7.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-core from 5.0.11.RELEASE to 5.3.19 Bumps [spring-core](https://github.com/spring-projects/spring-framework) from 5.0.11.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.11.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump maven-clean-plugin from 3.1.0 to 3.2.0 Bumps [maven-clean-plugin](https://github.com/apache/maven-clean-plugin) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/apache/maven-clean-plugin/releases) - [Commits](apache/maven-clean-plugin@maven-clean-plugin-3.1.0...maven-clean-plugin-3.2.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-clean-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump build-helper-maven-plugin from 3.0.0 to 3.3.0 Bumps [build-helper-maven-plugin](https://github.com/mojohaus/build-helper-maven-plugin) from 3.0.0 to 3.3.0. - [Release notes](https://github.com/mojohaus/build-helper-maven-plugin/releases) - [Commits](mojohaus/build-helper-maven-plugin@build-helper-maven-plugin-3.0.0...build-helper-maven-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:build-helper-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fixing csrf challenge 2 where id was not displayed and cheat had a typo * marking adjustments to CSRF levels to make them clearer * fixing lint issue * adjusting xxe * fixing lint issue * fixing lint issue * fixing lint issue * fixing lint issue * Revert "adjusting xxe" * fixing lint issue * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.3.4 Bumps spring-data-mongodb from 2.1.1.RELEASE to 3.3.4. --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mockito-core from 4.4.0 to 4.5.1 Bumps [mockito-core](https://github.com/mockito/mockito) from 4.4.0 to 4.5.1. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.4.0...v4.5.1) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mongo-java-driver from 3.12.10 to 3.12.11 Bumps [mongo-java-driver](https://github.com/mongodb/mongo-java-driver) from 3.12.10 to 3.12.11. - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r3.12.10...r3.12.11) --- updated-dependencies: - dependency-name: org.mongodb:mongo-java-driver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Increase maximum header size to allow proxy headers Increase the maxHttpHeaderSize to "65536" to allow oauth proxy headers Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Niemi <spencer.niemi@elastic.co>
|
fixed in #638 |
ismisepaul
added a commit
to elastic/SecurityShepherd
that referenced
this issue
May 16, 2022
* Fixing Some Levels, Upgrading Libraries, Enhancement to Tomcat and verifying fixes (OWASP#638) * publish to OWASP DockerHub * update readme to point to owasp shepherd * closes issue OWASP#620 * closes issue OWASP#622 * closes issue OWASP#624 * removing unused import * fixing linting issue * fixing some weirdness when running on docker where key doesn't get displayed properly * Bump fongo from 2.0.6 to 2.1.1 Bumps [fongo](https://github.com/fakemongo/fongo) from 2.0.6 to 2.1.1. - [Release notes](https://github.com/fakemongo/fongo/releases) - [Changelog](https://github.com/fakemongo/fongo/blob/master/CHANGELOG) - [Commits](fakemongo/fongo@fongo-2.0.6...fongo-2.1.1) --- updated-dependencies: - dependency-name: com.github.fakemongo:fongo dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump argon2-jvm from 2.2 to 2.11 Bumps [argon2-jvm](https://github.com/phxql/argon2-jvm) from 2.2 to 2.11. - [Release notes](https://github.com/phxql/argon2-jvm/releases) - [Changelog](https://github.com/phxql/argon2-jvm/blob/master/CHANGELOG.md) - [Commits](phxql/argon2-jvm@v2.2...v2.11) --- updated-dependencies: - dependency-name: de.mkammerer:argon2-jvm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-context from 5.1.1.RELEASE to 5.3.19 Bumps [spring-context](https://github.com/spring-projects/spring-framework) from 5.1.1.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.1.1.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-context dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-web from 5.3.16 to 5.3.19 Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 5.3.16 to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.16...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump encoder from 1.2.1 to 1.2.3 Bumps [encoder](https://github.com/owasp/owasp-java-encoder) from 1.2.1 to 1.2.3. - [Release notes](https://github.com/owasp/owasp-java-encoder/releases) - [Commits](OWASP/owasp-java-encoder@v1.2.1...v1.2.3) --- updated-dependencies: - dependency-name: org.owasp.encoder:encoder dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump junit-jupiter-engine from 5.0.1 to 5.8.2 Bumps [junit-jupiter-engine](https://github.com/junit-team/junit5) from 5.0.1 to 5.8.2. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](junit-team/junit5@r5.0.1...r5.8.2) --- updated-dependencies: - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mongo-java-driver from 3.4.1 to 3.12.10 Bumps [mongo-java-driver](https://github.com/mongodb/mongo-java-driver) from 3.4.1 to 3.12.10. - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r3.4.1...r3.12.10) --- updated-dependencies: - dependency-name: org.mongodb:mongo-java-driver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fixing issue where csrf two and three crossover * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.3.3 Bumps spring-data-mongodb from 2.1.1.RELEASE to 3.3.3. --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump maven-compiler-plugin from 3.8.1 to 3.10.1 Bumps [maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.8.1 to 3.10.1. - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.8.1...maven-compiler-plugin-3.10.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Conforming to the way xxe challenge 1 is set up * cheats for xxe levels * fixing lint issue * Bump properties-maven-plugin from 1.0.0 to 1.1.0 Bumps [properties-maven-plugin](https://github.com/mojohaus/properties-maven-plugin) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/mojohaus/properties-maven-plugin/releases) - [Commits](mojohaus/properties-maven-plugin@properties-maven-plugin-1.0.0...properties-maven-plugin-1.1.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:properties-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump json from 20211205 to 20220320 Bumps [json](https://github.com/douglascrockford/JSON-java) from 20211205 to 20220320. - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md) - [Commits](https://github.com/douglascrockford/JSON-java/commits) --- updated-dependencies: - dependency-name: org.json:json dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-test from 5.0.7.RELEASE to 5.3.19 Bumps [spring-test](https://github.com/spring-projects/spring-framework) from 5.0.7.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.7.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-core from 5.0.11.RELEASE to 5.3.19 Bumps [spring-core](https://github.com/spring-projects/spring-framework) from 5.0.11.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.11.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump maven-clean-plugin from 3.1.0 to 3.2.0 Bumps [maven-clean-plugin](https://github.com/apache/maven-clean-plugin) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/apache/maven-clean-plugin/releases) - [Commits](apache/maven-clean-plugin@maven-clean-plugin-3.1.0...maven-clean-plugin-3.2.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-clean-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump build-helper-maven-plugin from 3.0.0 to 3.3.0 Bumps [build-helper-maven-plugin](https://github.com/mojohaus/build-helper-maven-plugin) from 3.0.0 to 3.3.0. - [Release notes](https://github.com/mojohaus/build-helper-maven-plugin/releases) - [Commits](mojohaus/build-helper-maven-plugin@build-helper-maven-plugin-3.0.0...build-helper-maven-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:build-helper-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fixing csrf challenge 2 where id was not displayed and cheat had a typo * marking adjustments to CSRF levels to make them clearer * fixing lint issue * adjusting xxe * fixing lint issue * fixing lint issue * fixing lint issue * fixing lint issue * Revert "adjusting xxe" * fixing lint issue * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.3.4 Bumps spring-data-mongodb from 2.1.1.RELEASE to 3.3.4. --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mockito-core from 4.4.0 to 4.5.1 Bumps [mockito-core](https://github.com/mockito/mockito) from 4.4.0 to 4.5.1. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.4.0...v4.5.1) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mongo-java-driver from 3.12.10 to 3.12.11 Bumps [mongo-java-driver](https://github.com/mongodb/mongo-java-driver) from 3.12.10 to 3.12.11. - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r3.12.10...r3.12.11) --- updated-dependencies: - dependency-name: org.mongodb:mongo-java-driver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Increase maximum header size to allow proxy headers Increase the maxHttpHeaderSize to "65536" to allow oauth proxy headers Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Niemi <spencer.niemi@elastic.co> * Bump spring-test from 5.0.7.RELEASE to 5.3.20 Bumps [spring-test](https://github.com/spring-projects/spring-framework) from 5.0.7.RELEASE to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.7.RELEASE...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump keytool-maven-plugin from 1.5 to 1.6 Bumps [keytool-maven-plugin](https://github.com/mojohaus/keytool) from 1.5 to 1.6. - [Release notes](https://github.com/mojohaus/keytool/releases) - [Commits](mojohaus/keytool@keytool-1.5...keytool-1.6) --- updated-dependencies: - dependency-name: org.codehaus.mojo:keytool-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.4.0 Bumps [spring-data-mongodb](https://github.com/spring-projects/spring-data-mongodb) from 2.1.1.RELEASE to 3.4.0. - [Release notes](https://github.com/spring-projects/spring-data-mongodb/releases) - [Commits](spring-projects/spring-data-mongodb@2.1.1.RELEASE...3.4.0) --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-core from 5.0.11.RELEASE to 5.3.20 Bumps [spring-core](https://github.com/spring-projects/spring-framework) from 5.0.11.RELEASE to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.11.RELEASE...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump jsoup from 1.14.3 to 1.15.1 Bumps [jsoup](https://github.com/jhy/jsoup) from 1.14.3 to 1.15.1. - [Release notes](https://github.com/jhy/jsoup/releases) - [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES) - [Commits](jhy/jsoup@jsoup-1.14.3...jsoup-1.15.1) --- updated-dependencies: - dependency-name: org.jsoup:jsoup dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-web from 5.3.19 to 5.3.20 Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 5.3.19 to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.19...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-context from 5.3.19 to 5.3.20 Bumps [spring-context](https://github.com/spring-projects/spring-framework) from 5.3.19 to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.19...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-context dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Niemi <spencer.niemi@elastic.co>
ismisepaul
added a commit
to elastic/SecurityShepherd
that referenced
this issue
May 16, 2022
* Fixing Some Levels, Upgrading Libraries, Enhancement to Tomcat and verifying fixes (OWASP#638) * publish to OWASP DockerHub * update readme to point to owasp shepherd * closes issue OWASP#620 * closes issue OWASP#622 * closes issue OWASP#624 * removing unused import * fixing linting issue * fixing some weirdness when running on docker where key doesn't get displayed properly * Bump fongo from 2.0.6 to 2.1.1 Bumps [fongo](https://github.com/fakemongo/fongo) from 2.0.6 to 2.1.1. - [Release notes](https://github.com/fakemongo/fongo/releases) - [Changelog](https://github.com/fakemongo/fongo/blob/master/CHANGELOG) - [Commits](fakemongo/fongo@fongo-2.0.6...fongo-2.1.1) --- updated-dependencies: - dependency-name: com.github.fakemongo:fongo dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump argon2-jvm from 2.2 to 2.11 Bumps [argon2-jvm](https://github.com/phxql/argon2-jvm) from 2.2 to 2.11. - [Release notes](https://github.com/phxql/argon2-jvm/releases) - [Changelog](https://github.com/phxql/argon2-jvm/blob/master/CHANGELOG.md) - [Commits](phxql/argon2-jvm@v2.2...v2.11) --- updated-dependencies: - dependency-name: de.mkammerer:argon2-jvm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-context from 5.1.1.RELEASE to 5.3.19 Bumps [spring-context](https://github.com/spring-projects/spring-framework) from 5.1.1.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.1.1.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-context dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-web from 5.3.16 to 5.3.19 Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 5.3.16 to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.16...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump encoder from 1.2.1 to 1.2.3 Bumps [encoder](https://github.com/owasp/owasp-java-encoder) from 1.2.1 to 1.2.3. - [Release notes](https://github.com/owasp/owasp-java-encoder/releases) - [Commits](OWASP/owasp-java-encoder@v1.2.1...v1.2.3) --- updated-dependencies: - dependency-name: org.owasp.encoder:encoder dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump junit-jupiter-engine from 5.0.1 to 5.8.2 Bumps [junit-jupiter-engine](https://github.com/junit-team/junit5) from 5.0.1 to 5.8.2. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](junit-team/junit5@r5.0.1...r5.8.2) --- updated-dependencies: - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mongo-java-driver from 3.4.1 to 3.12.10 Bumps [mongo-java-driver](https://github.com/mongodb/mongo-java-driver) from 3.4.1 to 3.12.10. - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r3.4.1...r3.12.10) --- updated-dependencies: - dependency-name: org.mongodb:mongo-java-driver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fixing issue where csrf two and three crossover * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.3.3 Bumps spring-data-mongodb from 2.1.1.RELEASE to 3.3.3. --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump maven-compiler-plugin from 3.8.1 to 3.10.1 Bumps [maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.8.1 to 3.10.1. - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.8.1...maven-compiler-plugin-3.10.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Conforming to the way xxe challenge 1 is set up * cheats for xxe levels * fixing lint issue * Bump properties-maven-plugin from 1.0.0 to 1.1.0 Bumps [properties-maven-plugin](https://github.com/mojohaus/properties-maven-plugin) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/mojohaus/properties-maven-plugin/releases) - [Commits](mojohaus/properties-maven-plugin@properties-maven-plugin-1.0.0...properties-maven-plugin-1.1.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:properties-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump json from 20211205 to 20220320 Bumps [json](https://github.com/douglascrockford/JSON-java) from 20211205 to 20220320. - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md) - [Commits](https://github.com/douglascrockford/JSON-java/commits) --- updated-dependencies: - dependency-name: org.json:json dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-test from 5.0.7.RELEASE to 5.3.19 Bumps [spring-test](https://github.com/spring-projects/spring-framework) from 5.0.7.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.7.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-core from 5.0.11.RELEASE to 5.3.19 Bumps [spring-core](https://github.com/spring-projects/spring-framework) from 5.0.11.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.11.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump maven-clean-plugin from 3.1.0 to 3.2.0 Bumps [maven-clean-plugin](https://github.com/apache/maven-clean-plugin) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/apache/maven-clean-plugin/releases) - [Commits](apache/maven-clean-plugin@maven-clean-plugin-3.1.0...maven-clean-plugin-3.2.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-clean-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump build-helper-maven-plugin from 3.0.0 to 3.3.0 Bumps [build-helper-maven-plugin](https://github.com/mojohaus/build-helper-maven-plugin) from 3.0.0 to 3.3.0. - [Release notes](https://github.com/mojohaus/build-helper-maven-plugin/releases) - [Commits](mojohaus/build-helper-maven-plugin@build-helper-maven-plugin-3.0.0...build-helper-maven-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:build-helper-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fixing csrf challenge 2 where id was not displayed and cheat had a typo * marking adjustments to CSRF levels to make them clearer * fixing lint issue * adjusting xxe * fixing lint issue * fixing lint issue * fixing lint issue * fixing lint issue * Revert "adjusting xxe" * fixing lint issue * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.3.4 Bumps spring-data-mongodb from 2.1.1.RELEASE to 3.3.4. --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mockito-core from 4.4.0 to 4.5.1 Bumps [mockito-core](https://github.com/mockito/mockito) from 4.4.0 to 4.5.1. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.4.0...v4.5.1) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mongo-java-driver from 3.12.10 to 3.12.11 Bumps [mongo-java-driver](https://github.com/mongodb/mongo-java-driver) from 3.12.10 to 3.12.11. - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r3.12.10...r3.12.11) --- updated-dependencies: - dependency-name: org.mongodb:mongo-java-driver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Increase maximum header size to allow proxy headers Increase the maxHttpHeaderSize to "65536" to allow oauth proxy headers Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Niemi <spencer.niemi@elastic.co> * Bump spring-test from 5.0.7.RELEASE to 5.3.20 Bumps [spring-test](https://github.com/spring-projects/spring-framework) from 5.0.7.RELEASE to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.7.RELEASE...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump keytool-maven-plugin from 1.5 to 1.6 Bumps [keytool-maven-plugin](https://github.com/mojohaus/keytool) from 1.5 to 1.6. - [Release notes](https://github.com/mojohaus/keytool/releases) - [Commits](mojohaus/keytool@keytool-1.5...keytool-1.6) --- updated-dependencies: - dependency-name: org.codehaus.mojo:keytool-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.4.0 Bumps [spring-data-mongodb](https://github.com/spring-projects/spring-data-mongodb) from 2.1.1.RELEASE to 3.4.0. - [Release notes](https://github.com/spring-projects/spring-data-mongodb/releases) - [Commits](spring-projects/spring-data-mongodb@2.1.1.RELEASE...3.4.0) --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-core from 5.0.11.RELEASE to 5.3.20 Bumps [spring-core](https://github.com/spring-projects/spring-framework) from 5.0.11.RELEASE to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.11.RELEASE...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump jsoup from 1.14.3 to 1.15.1 Bumps [jsoup](https://github.com/jhy/jsoup) from 1.14.3 to 1.15.1. - [Release notes](https://github.com/jhy/jsoup/releases) - [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES) - [Commits](jhy/jsoup@jsoup-1.14.3...jsoup-1.15.1) --- updated-dependencies: - dependency-name: org.jsoup:jsoup dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-web from 5.3.19 to 5.3.20 Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 5.3.19 to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.19...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-context from 5.3.19 to 5.3.20 Bumps [spring-context](https://github.com/spring-projects/spring-framework) from 5.3.19 to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.19...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-context dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Grabbing upstream changes (#29) * Fixing Some Levels, Upgrading Libraries, Enhancement to Tomcat and verifying fixes (OWASP#638) * publish to OWASP DockerHub * update readme to point to owasp shepherd * closes issue OWASP#620 * closes issue OWASP#622 * closes issue OWASP#624 * removing unused import * fixing linting issue * fixing some weirdness when running on docker where key doesn't get displayed properly * Bump fongo from 2.0.6 to 2.1.1 Bumps [fongo](https://github.com/fakemongo/fongo) from 2.0.6 to 2.1.1. - [Release notes](https://github.com/fakemongo/fongo/releases) - [Changelog](https://github.com/fakemongo/fongo/blob/master/CHANGELOG) - [Commits](fakemongo/fongo@fongo-2.0.6...fongo-2.1.1) --- updated-dependencies: - dependency-name: com.github.fakemongo:fongo dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump argon2-jvm from 2.2 to 2.11 Bumps [argon2-jvm](https://github.com/phxql/argon2-jvm) from 2.2 to 2.11. - [Release notes](https://github.com/phxql/argon2-jvm/releases) - [Changelog](https://github.com/phxql/argon2-jvm/blob/master/CHANGELOG.md) - [Commits](phxql/argon2-jvm@v2.2...v2.11) --- updated-dependencies: - dependency-name: de.mkammerer:argon2-jvm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-context from 5.1.1.RELEASE to 5.3.19 Bumps [spring-context](https://github.com/spring-projects/spring-framework) from 5.1.1.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.1.1.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-context dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-web from 5.3.16 to 5.3.19 Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 5.3.16 to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.16...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump encoder from 1.2.1 to 1.2.3 Bumps [encoder](https://github.com/owasp/owasp-java-encoder) from 1.2.1 to 1.2.3. - [Release notes](https://github.com/owasp/owasp-java-encoder/releases) - [Commits](OWASP/owasp-java-encoder@v1.2.1...v1.2.3) --- updated-dependencies: - dependency-name: org.owasp.encoder:encoder dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump junit-jupiter-engine from 5.0.1 to 5.8.2 Bumps [junit-jupiter-engine](https://github.com/junit-team/junit5) from 5.0.1 to 5.8.2. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](junit-team/junit5@r5.0.1...r5.8.2) --- updated-dependencies: - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mongo-java-driver from 3.4.1 to 3.12.10 Bumps [mongo-java-driver](https://github.com/mongodb/mongo-java-driver) from 3.4.1 to 3.12.10. - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r3.4.1...r3.12.10) --- updated-dependencies: - dependency-name: org.mongodb:mongo-java-driver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fixing issue where csrf two and three crossover * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.3.3 Bumps spring-data-mongodb from 2.1.1.RELEASE to 3.3.3. --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump maven-compiler-plugin from 3.8.1 to 3.10.1 Bumps [maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.8.1 to 3.10.1. - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.8.1...maven-compiler-plugin-3.10.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Conforming to the way xxe challenge 1 is set up * cheats for xxe levels * fixing lint issue * Bump properties-maven-plugin from 1.0.0 to 1.1.0 Bumps [properties-maven-plugin](https://github.com/mojohaus/properties-maven-plugin) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/mojohaus/properties-maven-plugin/releases) - [Commits](mojohaus/properties-maven-plugin@properties-maven-plugin-1.0.0...properties-maven-plugin-1.1.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:properties-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump json from 20211205 to 20220320 Bumps [json](https://github.com/douglascrockford/JSON-java) from 20211205 to 20220320. - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md) - [Commits](https://github.com/douglascrockford/JSON-java/commits) --- updated-dependencies: - dependency-name: org.json:json dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-test from 5.0.7.RELEASE to 5.3.19 Bumps [spring-test](https://github.com/spring-projects/spring-framework) from 5.0.7.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.7.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-core from 5.0.11.RELEASE to 5.3.19 Bumps [spring-core](https://github.com/spring-projects/spring-framework) from 5.0.11.RELEASE to 5.3.19. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.11.RELEASE...v5.3.19) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump maven-clean-plugin from 3.1.0 to 3.2.0 Bumps [maven-clean-plugin](https://github.com/apache/maven-clean-plugin) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/apache/maven-clean-plugin/releases) - [Commits](apache/maven-clean-plugin@maven-clean-plugin-3.1.0...maven-clean-plugin-3.2.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-clean-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump build-helper-maven-plugin from 3.0.0 to 3.3.0 Bumps [build-helper-maven-plugin](https://github.com/mojohaus/build-helper-maven-plugin) from 3.0.0 to 3.3.0. - [Release notes](https://github.com/mojohaus/build-helper-maven-plugin/releases) - [Commits](mojohaus/build-helper-maven-plugin@build-helper-maven-plugin-3.0.0...build-helper-maven-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:build-helper-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fixing csrf challenge 2 where id was not displayed and cheat had a typo * marking adjustments to CSRF levels to make them clearer * fixing lint issue * adjusting xxe * fixing lint issue * fixing lint issue * fixing lint issue * fixing lint issue * Revert "adjusting xxe" * fixing lint issue * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.3.4 Bumps spring-data-mongodb from 2.1.1.RELEASE to 3.3.4. --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mockito-core from 4.4.0 to 4.5.1 Bumps [mockito-core](https://github.com/mockito/mockito) from 4.4.0 to 4.5.1. - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v4.4.0...v4.5.1) --- updated-dependencies: - dependency-name: org.mockito:mockito-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump mongo-java-driver from 3.12.10 to 3.12.11 Bumps [mongo-java-driver](https://github.com/mongodb/mongo-java-driver) from 3.12.10 to 3.12.11. - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r3.12.10...r3.12.11) --- updated-dependencies: - dependency-name: org.mongodb:mongo-java-driver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Increase maximum header size to allow proxy headers Increase the maxHttpHeaderSize to "65536" to allow oauth proxy headers Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Niemi <spencer.niemi@elastic.co> * Bump spring-test from 5.0.7.RELEASE to 5.3.20 Bumps [spring-test](https://github.com/spring-projects/spring-framework) from 5.0.7.RELEASE to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.7.RELEASE...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump keytool-maven-plugin from 1.5 to 1.6 Bumps [keytool-maven-plugin](https://github.com/mojohaus/keytool) from 1.5 to 1.6. - [Release notes](https://github.com/mojohaus/keytool/releases) - [Commits](mojohaus/keytool@keytool-1.5...keytool-1.6) --- updated-dependencies: - dependency-name: org.codehaus.mojo:keytool-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-data-mongodb from 2.1.1.RELEASE to 3.4.0 Bumps [spring-data-mongodb](https://github.com/spring-projects/spring-data-mongodb) from 2.1.1.RELEASE to 3.4.0. - [Release notes](https://github.com/spring-projects/spring-data-mongodb/releases) - [Commits](spring-projects/spring-data-mongodb@2.1.1.RELEASE...3.4.0) --- updated-dependencies: - dependency-name: org.springframework.data:spring-data-mongodb dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-core from 5.0.11.RELEASE to 5.3.20 Bumps [spring-core](https://github.com/spring-projects/spring-framework) from 5.0.11.RELEASE to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.0.11.RELEASE...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-core dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump jsoup from 1.14.3 to 1.15.1 Bumps [jsoup](https://github.com/jhy/jsoup) from 1.14.3 to 1.15.1. - [Release notes](https://github.com/jhy/jsoup/releases) - [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES) - [Commits](jhy/jsoup@jsoup-1.14.3...jsoup-1.15.1) --- updated-dependencies: - dependency-name: org.jsoup:jsoup dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-web from 5.3.19 to 5.3.20 Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 5.3.19 to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.19...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump spring-context from 5.3.19 to 5.3.20 Bumps [spring-context](https://github.com/spring-projects/spring-framework) from 5.3.19 to 5.3.20. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v5.3.19...v5.3.20) --- updated-dependencies: - dependency-name: org.springframework:spring-context dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Niemi <spencer.niemi@elastic.co> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Niemi <spencer.niemi@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There are two issues
SecurityShepherd/src/main/java/servlets/module/lesson/XxeLesson.java
Line 160 in 72f8767
The directory should be
/webapps/ROOT/WEB-INF/classes/fileSystemKeys.propertiesSecurityShepherd/src/main/resources/fileSystemKeys.properties
Line 4 in 72f8767
SecurityShepherd/src/main/resources/database/coreSchema.sql
Line 1647 in 72f8767
The text was updated successfully, but these errors were encountered: