diff --git a/build.gradle b/build.gradle index 427a882106..da97d94b96 100644 --- a/build.gradle +++ b/build.gradle @@ -334,6 +334,20 @@ allprojects { force "org.bouncycastle:bcprov-jdk18on:${bouncycastleVersion}" // force consistency in docker and connectors and saml force "org.bouncycastle:bcpkix-jdk18on:${bouncycastleVersion}" + // docker dependency: force to mitigate CVEs + force "io.netty:netty-resolver:${nettyVersion}" + force "io.netty:netty-resolver-dns:${nettyVersion}" + force "io.netty:netty-handler:${nettyVersion}" + force "io.netty:netty-handler-proxy:${nettyVersion}" + force "io.netty:netty-buffer:${nettyVersion}" + force "io.netty:netty-transport:${nettyVersion}" + force "io.netty:netty-codec-socks:${nettyVersion}" + force "io.netty:netty-codec:${nettyVersion}" + force "io.netty:netty-common:${nettyVersion}" + force "io.netty:netty-codec-http:${nettyVersion}" + force "io.netty:netty-codec-http2:${nettyVersion}" + force "io.netty:netty-transport-native-epoll:${nettyVersion}" + force "io.netty:netty-transport-native-kqueue:${nettyVersion}" // Force consistency for dependencies from pipeline and query force "org.dom4j:dom4j:${dom4jVersion}" diff --git a/gradle.properties b/gradle.properties index f6d04c0f6a..63bd75060d 100644 --- a/gradle.properties +++ b/gradle.properties @@ -134,7 +134,7 @@ commonsLangVersion=2.6 commonsLoggingVersion=1.3.5 commonsMath3Version=3.6.1 commonsPoolVersion=1.6 -commonsTextVersion=1.14.0 +commonsTextVersion=1.15.0 commonsValidatorVersion=1.10.1 commonsVfs2Version=2.10.0 @@ -247,6 +247,9 @@ luceneVersion=9.12.3 mssqlJdbcVersion=13.2.1.jre11 +# force for docker +nettyVersion=4.2.9.Final + objenesisVersion=1.0 opencsvVersion=2.3