You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by so...@apache.org on 2018/07/26 07:40:25 UTC
[openmeetings] branch 4.0.x updated: [OPENMEETINGS-1897] some
dependencies were updated to comply with audit
This is an automated email from the ASF dual-hosted git repository.
solomax pushed a commit to branch 4.0.x
in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/4.0.x by this push:
new 2f54a32 [OPENMEETINGS-1897] some dependencies were updated to comply with audit
2f54a32 is described below
commit 2f54a32f92c81ff558e364ccc2040e5525c8d49c
Author: Maxim Solodovnik <so...@gmail.com>
AuthorDate: Thu Jul 26 14:40:15 2018 +0700
[OPENMEETINGS-1897] some dependencies were updated to comply with audit
---
.../src/main/jnlp/templates/template.jnlp | 2 +-
openmeetings-server/src/main/assembly/components/all.xml | 2 ++
openmeetings-server/src/site/xdoc/BuildInstructions.xml | 3 +++
openmeetings-util/pom.xml | 1 -
pom.xml | 16 ++++++++++++++++
5 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/openmeetings-screenshare/src/main/jnlp/templates/template.jnlp b/openmeetings-screenshare/src/main/jnlp/templates/template.jnlp
index 0d13ba0..8a88d9c 100644
--- a/openmeetings-screenshare/src/main/jnlp/templates/template.jnlp
+++ b/openmeetings-screenshare/src/main/jnlp/templates/template.jnlp
@@ -33,7 +33,7 @@
</security>
<resources>
<j2se version='1.8+'/>
- <jar href="bcprov-jdk15on-1.59.jar" main="true"/>
+ <jar href="bcprov-jdk15on-1.60.jar" main="true"/>
<jar href="openmeetings-screenshare-${project.version}-full.jar" main="true"/>
</resources>
<application-desc main-class='org.apache.openmeetings.screenshare.Core'>
diff --git a/openmeetings-server/src/main/assembly/components/all.xml b/openmeetings-server/src/main/assembly/components/all.xml
index 15f4028..00a2359 100644
--- a/openmeetings-server/src/main/assembly/components/all.xml
+++ b/openmeetings-server/src/main/assembly/components/all.xml
@@ -38,6 +38,7 @@
<exclude>lib/spring*.jar</exclude>
<!-- Tika related jars are in lib folder-->
<exclude>lib/apache-mime4j*</exclude>
+ <exclude>lib/bcprov-*</exclude>
<exclude>lib/boilerpipe*</exclude>
<exclude>lib/jempbox*</exclude>
<exclude>lib/juniversalchardet*</exclude>
@@ -229,6 +230,7 @@
<include>commons-lang3*</include>
<!-- Tika related jars are in lib folder -->
<include>apache-mime4j*</include>
+ <include>bcprov-*</include>
<include>boilerpipe*</include>
<include>jempbox*</include>
<include>juniversalchardet*</include>
diff --git a/openmeetings-server/src/site/xdoc/BuildInstructions.xml b/openmeetings-server/src/site/xdoc/BuildInstructions.xml
index 6cbe1d3..d8b7630 100644
--- a/openmeetings-server/src/site/xdoc/BuildInstructions.xml
+++ b/openmeetings-server/src/site/xdoc/BuildInstructions.xml
@@ -49,6 +49,9 @@
<img src="images/eclipse-import-maven-project.png" alt="Import OM into Eclipse" width="526" height="394" />
</p>
</section>
+ <section name="Check for known vulnerabilities">
+ <source>mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml</source>
+ </section>
<section name="Check for updates">
<source>mvn versions:display-dependency-updates</source>
<source>mvn versions:display-plugin-updates</source>
diff --git a/openmeetings-util/pom.xml b/openmeetings-util/pom.xml
index e6d638b..add8d2b 100644
--- a/openmeetings-util/pom.xml
+++ b/openmeetings-util/pom.xml
@@ -123,7 +123,6 @@
<dependency>
<groupId>org.apache.tika</groupId>
<artifactId>tika-parsers</artifactId>
- <version>${tika-parsers.version}</version>
</dependency>
</dependencies>
</project>
diff --git a/pom.xml b/pom.xml
index 548d83b..a82c64a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -109,6 +109,7 @@
<tika-parsers.version>1.18</tika-parsers.version>
<commons-text.version>1.4</commons-text.version>
<license.excludedScopes>test</license.excludedScopes>
+ <bcprov-jdk15on.version>1.60</bcprov-jdk15on.version>
<!-- URL of the ASF SonarQube server -->
<sonar.host.url>https://builds.apache.org/analysis</sonar.host.url>
<!-- Exclude all generated code -->
@@ -766,6 +767,11 @@
<version>${cxf.version}</version>
</dependency>
<dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-rs-client</artifactId>
+ <version>${cxf.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-java</artifactId>
<version>${selenium.version}</version>
@@ -834,6 +840,16 @@
<artifactId>commons-text</artifactId>
<version>${commons-text.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>${bcprov-jdk15on.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tika</groupId>
+ <artifactId>tika-parsers</artifactId>
+ <version>${tika-parsers.version}</version>
+ </dependency>
</dependencies>
</dependencyManagement>
<dependencies>