You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by so...@apache.org on 2018/07/26 07:40:25 UTC

[openmeetings] branch 4.0.x updated: [OPENMEETINGS-1897] some dependencies were updated to comply with audit

This is an automated email from the ASF dual-hosted git repository.

solomax pushed a commit to branch 4.0.x
in repository https://gitbox.apache.org/repos/asf/openmeetings.git


The following commit(s) were added to refs/heads/4.0.x by this push:
     new 2f54a32  [OPENMEETINGS-1897] some dependencies were updated to comply with audit
2f54a32 is described below

commit 2f54a32f92c81ff558e364ccc2040e5525c8d49c
Author: Maxim Solodovnik <so...@gmail.com>
AuthorDate: Thu Jul 26 14:40:15 2018 +0700

    [OPENMEETINGS-1897] some dependencies were updated to comply with audit
---
 .../src/main/jnlp/templates/template.jnlp                |  2 +-
 openmeetings-server/src/main/assembly/components/all.xml |  2 ++
 openmeetings-server/src/site/xdoc/BuildInstructions.xml  |  3 +++
 openmeetings-util/pom.xml                                |  1 -
 pom.xml                                                  | 16 ++++++++++++++++
 5 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/openmeetings-screenshare/src/main/jnlp/templates/template.jnlp b/openmeetings-screenshare/src/main/jnlp/templates/template.jnlp
index 0d13ba0..8a88d9c 100644
--- a/openmeetings-screenshare/src/main/jnlp/templates/template.jnlp
+++ b/openmeetings-screenshare/src/main/jnlp/templates/template.jnlp
@@ -33,7 +33,7 @@
 	</security>
 	<resources>
 		<j2se version='1.8+'/>
-		<jar href="bcprov-jdk15on-1.59.jar" main="true"/>
+		<jar href="bcprov-jdk15on-1.60.jar" main="true"/>
 		<jar href="openmeetings-screenshare-${project.version}-full.jar" main="true"/>
 	</resources>
 	<application-desc main-class='org.apache.openmeetings.screenshare.Core'>
diff --git a/openmeetings-server/src/main/assembly/components/all.xml b/openmeetings-server/src/main/assembly/components/all.xml
index 15f4028..00a2359 100644
--- a/openmeetings-server/src/main/assembly/components/all.xml
+++ b/openmeetings-server/src/main/assembly/components/all.xml
@@ -38,6 +38,7 @@
 				<exclude>lib/spring*.jar</exclude>
 				<!-- Tika related jars are in lib folder-->
 				<exclude>lib/apache-mime4j*</exclude>
+				<exclude>lib/bcprov-*</exclude>
 				<exclude>lib/boilerpipe*</exclude>
 				<exclude>lib/jempbox*</exclude>
 				<exclude>lib/juniversalchardet*</exclude>
@@ -229,6 +230,7 @@
 				<include>commons-lang3*</include>
 				<!-- Tika related jars are in lib folder -->
 				<include>apache-mime4j*</include>
+				<include>bcprov-*</include>
 				<include>boilerpipe*</include>
 				<include>jempbox*</include>
 				<include>juniversalchardet*</include>
diff --git a/openmeetings-server/src/site/xdoc/BuildInstructions.xml b/openmeetings-server/src/site/xdoc/BuildInstructions.xml
index 6cbe1d3..d8b7630 100644
--- a/openmeetings-server/src/site/xdoc/BuildInstructions.xml
+++ b/openmeetings-server/src/site/xdoc/BuildInstructions.xml
@@ -49,6 +49,9 @@
 				<img src="images/eclipse-import-maven-project.png" alt="Import OM into Eclipse" width="526" height="394" />
 			</p>
 		</section>
+		<section name="Check for known vulnerabilities">
+			<source>mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml</source>
+		</section>
 		<section name="Check for updates">
 			<source>mvn versions:display-dependency-updates</source>
 			<source>mvn versions:display-plugin-updates</source>
diff --git a/openmeetings-util/pom.xml b/openmeetings-util/pom.xml
index e6d638b..add8d2b 100644
--- a/openmeetings-util/pom.xml
+++ b/openmeetings-util/pom.xml
@@ -123,7 +123,6 @@
 		<dependency>
 			<groupId>org.apache.tika</groupId>
 			<artifactId>tika-parsers</artifactId>
-			<version>${tika-parsers.version}</version>
 		</dependency>
 	</dependencies>
 </project>
diff --git a/pom.xml b/pom.xml
index 548d83b..a82c64a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -109,6 +109,7 @@
 		<tika-parsers.version>1.18</tika-parsers.version>
 		<commons-text.version>1.4</commons-text.version>
 		<license.excludedScopes>test</license.excludedScopes>
+		<bcprov-jdk15on.version>1.60</bcprov-jdk15on.version>
 		<!--  URL of the ASF SonarQube server  -->
 		<sonar.host.url>https://builds.apache.org/analysis</sonar.host.url>
 		<!--  Exclude all generated code  -->
@@ -766,6 +767,11 @@
 				<version>${cxf.version}</version>
 			</dependency>
 			<dependency>
+				<groupId>org.apache.cxf</groupId>
+				<artifactId>cxf-rt-rs-client</artifactId>
+				<version>${cxf.version}</version>
+			</dependency>
+			<dependency>
 				<groupId>org.seleniumhq.selenium</groupId>
 				<artifactId>selenium-java</artifactId>
 				<version>${selenium.version}</version>
@@ -834,6 +840,16 @@
 				<artifactId>commons-text</artifactId>
 				<version>${commons-text.version}</version>
 			</dependency>
+			<dependency>
+				<groupId>org.bouncycastle</groupId>
+				<artifactId>bcprov-jdk15on</artifactId>
+				<version>${bcprov-jdk15on.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.apache.tika</groupId>
+				<artifactId>tika-parsers</artifactId>
+				<version>${tika-parsers.version}</version>
+			</dependency>
 		</dependencies>
 	</dependencyManagement>
 	<dependencies>