cve-resolution-strategy.gradle
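/*
 * Pins transitive dependencies to patched releases for every configuration
 * in the build.
 *
 * How it works: eachDependency runs for each requested module, and
 * useVersion replaces whatever version was requested with the one given here.
 *
 * Review notes for maintainers:
 *  - useVersion is unconditional. Once the build (or a BOM it imports) asks
 *    for a release newer than a pin below, the pin holds that module back at
 *    the older version. Re-check every entry whenever the platform is
 *    upgraded, and delete pins that have been overtaken.
 *  - Matching is by artifact name only; the group is not checked. A module
 *    from another group that shares one of these names would be forced to the
 *    same version. Consider also comparing details.requested.group.
 *  - Only the advisories named in the comments below are recorded in this
 *    file. Pins marked "no advisory recorded" should get a reference added so
 *    they can be audited and retired later.
 */
configurations.all {
    resolutionStrategy {
        eachDependency { DependencyResolveDetails details ->
            /* JAR upgrades with latest versions for CVE fixes */
            def artifact = details.requested.name

            /* CVE-2021-42340 */
            if (artifact in ['tomcat-embed-core', 'tomcat-embed-websocket']) {
                details.useVersion '9.0.54'
            }

            /* no advisory recorded in this file for these two pins */
            if (artifact == 'commons-io') {
                details.useVersion '2.11.0'
            }
            if (artifact == 'guava') {
                details.useVersion '31.0.1-jre'
            }

            /* CVE-2021-27568 */
            if (artifact in ['accessors-smart', 'json-smart']) {
                details.useVersion '2.4.7'
            }

            /* no advisory recorded in this file for these two pins */
            if (artifact == 'bcprov-jdk15on') {
                details.useVersion '1.69'
            }
            // NOTE(review): jakarta.el 4.x looks like the Jakarta EE 9 line, which
            // uses the jakarta.el package namespace. Confirm that nothing on the
            // classpath still expects javax.el before relying on this pin.
            if (artifact == 'jakarta.el') {
                details.useVersion '4.0.2'
            }

            /* CVE-2021-21295, CVE-2021-21409, CVE-2021-37136, CVE-2021-37137 */
            def nettyArtifacts = [
                'netty-buffer',
                'netty-codec',
                'netty-codec-dns',
                'netty-codec-http',
                'netty-codec-http2',
                'netty-codec-socks',
                'netty-common',
                'netty-handler',
                'netty-handler-proxy',
                'netty-resolver',
                'netty-resolver-dns',
                'netty-resolver-dns-native-macos',
                'netty-transport',
                'netty-transport-native-epoll',
                'netty-transport-native-kqueue',
                'netty-transport-native-unix-common'
            ]
            // All Netty modules are moved together so the resolved set stays on one release.
            if (artifact in nettyArtifacts) {
                details.useVersion '4.1.69.Final'
            }

            /* no advisory recorded in this file for the Spring pins below */
            def springFrameworkArtifacts = [
                'spring-aop',
                'spring-beans',
                'spring-context',
                'spring-core',
                'spring-expression',
                'spring-jcl',
                'spring-web',
                'spring-webmvc'
            ]
            if (artifact in springFrameworkArtifacts) {
                details.useVersion '5.3.12'
            }
            if (artifact in ['spring-cloud-openfeign-core', 'spring-cloud-starter-openfeign']) {
                details.useVersion '3.0.5'
            }
            def springSecurityArtifacts = [
                'spring-security-config',
                'spring-security-core',
                'spring-security-crypto',
                'spring-security-web'
            ]
            if (artifact in springSecurityArtifacts) {
                details.useVersion '5.5.3'
            }
            /* CVE fix with latest version ends here */
        }
    }
}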