Merge pull request #1716 from hmcts/AM-3002_CVE-2023-5072_Fix

AM-3002 CVE-2023-5072 Fix json upgrade 20231013
hmcts · Jan 11, 2024 · 4d133d5 · 4d133d5
2 parents c80a254 + 3a62edd
commit 4d133d5
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 5 deletions.
diff --git a/build.gradle b/build.gradle
@@ -367,7 +367,7 @@ dependencies {
     implementation group: 'com.github.hmcts', name:'properties-volume-spring-boot-starter', version:'0.1.1'
     implementation group: 'commons-beanutils', name: 'commons-beanutils', version: '1.9.4'
     implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
-    implementation group: 'org.json', name: 'json', version: '20230227'
+    implementation group: 'org.json', name: 'json', version: '20231013'
     implementation group: 'javax.inject', name: 'javax.inject', version: '1'
 
     implementation group: 'com.microsoft.azure', name: 'applicationinsights-spring-boot-starter', version: '2.6.4'

diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
@@ -8,10 +8,6 @@
         <notes>https://tools.hmcts.net/jira/browse/AM-2952 plexus</notes>
         <cve>CVE-2022-4245</cve>
     </suppress>
-    <suppress>
-        <notes>https://tools.hmcts.net/jira/browse/AM-3002 json-java</notes>
-        <cve>CVE-2023-5072</cve>
-    </suppress>
     <suppress>
         <notes>https://tools.hmcts.net/jira/browse/AM-3065 azure</notes>
         <cve>CVE-2023-36052</cve>