cve-resolution-strategy.gradle
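/*
 * Pins selected dependencies, in every configuration, to the version chosen
 * for the CVE(s) named above each rule.
 *
 * Every rule matches on group AND module name. Matching on the name alone
 * would also rewrite an unrelated module that merely shares the name (for
 * example a differently-grouped artifact called 'postgresql'), forcing it to
 * a version that belongs to another project.
 *
 * useVersion replaces whatever version was requested, including a newer one,
 * so these pins can hold a dependency back. Re-check them whenever a direct
 * dependency is upgraded or a new advisory is published.
 */
configurations.all {
    resolutionStrategy {
        eachDependency { DependencyResolveDetails det ->
            def group = det.requested.group
            def name = det.requested.name

            /* CVE-2017-18640, CVE-2022-41854 */
            if (group == 'org.yaml' && name == 'snakeyaml') {
                det.useVersion '2.2'
            }

            /* CVE-2019-10086 */
            if (group == 'commons-beanutils' && name == 'commons-beanutils') {
                det.useVersion '1.9.4'
            }

            /* CVE-2021-29425 */
            if (group == 'commons-io' && name == 'commons-io') {
                det.useVersion '2.8.0'
            }

            /*
             * CVE-2021-45105
             * NOTE(review): only log4j-api and log4j-to-slf4j are pinned here.
             * If log4j-core is on any classpath it is not covered by this rule;
             * confirm its resolved version separately.
             */
            if (group == 'org.apache.logging.log4j' && name in ['log4j-api', 'log4j-to-slf4j']) {
                det.useVersion '2.17.1'
            }

            /* CVE-2024-1597 */
            if (group == 'org.postgresql' && name == 'postgresql') {
                det.useVersion '42.7.3'
            }

            /* CVE-2023-6481 */
            if (group == 'ch.qos.logback' && name in ['logback-core', 'logback-classic']) {
                det.useVersion '1.2.13'
            }

            /*
             * CVE-2023-34042
             * Limited to the listed modules: other artifacts in this group do
             * not necessarily share the 5.8.x version line.
             */
            if (group == 'org.springframework.security'
                    && name in ['spring-security-web', 'spring-security-core',
                                'spring-security-config', 'spring-security-crypto']) {
                det.useVersion '5.8.12'
            }

            /*
             * CVE-2023-2976
             * The group is 'com.google.guava' and the module name is 'guava';
             * with the two swapped the rule never matches and the pin is
             * silently skipped.
             */
            if (group == 'com.google.guava' && name == 'guava') {
                det.useVersion '33.2.0-jre'
            }

            /* CVE-2023-24998 */
            if (group == 'commons-fileupload' && name == 'commons-fileupload') {
                det.useVersion '1.5'
            }
        }
    }
}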