diff --git a/acb.tpl.yaml b/acb.tpl.yaml
index 47f8bcfe..3dee7f86 100644
--- a/acb.tpl.yaml
+++ b/acb.tpl.yaml
@@ -3,7 +3,8 @@ steps:
- id: pull-base-image-amd64
cmd: docker pull --platform linux/amd64 hmctspublic.azurecr.io/base/java:17-distroless && docker tag hmctspublic.azurecr.io/base/java:17-distroless hmctspublic.azurecr.io/base/java/linux/amd64:17-distroless
when: ["-"]
- keep: true
+ retries: 3
+ retryDelay: 5
- id: runtime-amd64
build: >
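Review bot: Every `keep: true` line is deleted in the same edit that adds `retries: 3` and `retryDelay: 5`, both here and in the later hunks for runtime-amd64, pull-base-image-arm64, runtime-arm64, manifest-create and manifest-push, and nothing visible says whether that removal is intended. If only retry behaviour was meant to change, leave `keep: true` in place and add the two keys beneath it. The retries are also applied to the `build` steps, where a deterministic failure (a broken Dockerfile or a failed integrity check) is simply re-run three more times and delays the real error. Consider limiting retries to the registry-bound pull and push steps and recording the intent with a comment such as `# retry transient registry/network errors only`. The runtime-amd64 step continues outside this hunk.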
@@ -13,13 +14,15 @@ steps:
.
when:
- pull-base-image-amd64
- keep: true
+ retries: 3
+ retryDelay: 5
- id: pull-base-image-arm64
cmd: docker pull --platform linux/arm64 hmctspublic.azurecr.io/base/java:17-distroless && docker tag hmctspublic.azurecr.io/base/java:17-distroless hmctspublic.azurecr.io/base/java/linux/arm64:17-distroless
when:
- pull-base-image-amd64
- keep: true
+ retries: 3
+ retryDelay: 5
- id: runtime-arm64
build: >
@@ -29,7 +32,8 @@ steps:
.
when:
- pull-base-image-arm64
- keep: true
+ retries: 3
+ retryDelay: 5
- id: push-images
push:
@@ -38,15 +42,19 @@ steps:
when:
- runtime-amd64
- runtime-arm64
+ retries: 3
+ retryDelay: 5
- id: manifest-create
cmd: docker manifest create {{.Run.Registry}}/{{CI_IMAGE_TAG}} {{.Run.Registry}}/{{CI_IMAGE_TAG}}-amd64 {{.Run.Registry}}/{{CI_IMAGE_TAG}}-arm64
when:
- push-images
- keep: true
+ retries: 3
+ retryDelay: 5
- id: manifest-push
cmd: docker manifest push --purge {{.Run.Registry}}/{{CI_IMAGE_TAG}}
when:
- manifest-create
- keep: true
+ retries: 3
+ retryDelay: 5
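Review bot: Retrying `manifest-create` and `manifest-push` is only safe if both commands are idempotent across attempts, and as written they may not be. `docker manifest create` refuses to overwrite an existing local manifest list unless `--amend` is passed, and `docker manifest push --purge` deletes the local list once the push is done. A second attempt after a partially completed first one can therefore fail for a reason unrelated to the original error. This assumes local manifest state survives between attempts, which the hunk does not show. Either add `--amend` to the create command or leave `retries` off these two steps, so a failure surfaces with its original cause.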
diff --git a/build.gradle b/build.gradle
index ee925f6d..3e8a3c2d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,7 @@ plugins {
id 'application'
id 'jacoco'
id 'io.spring.dependency-management' version '1.0.10.RELEASE'
- id 'org.springframework.boot' version '2.7.12'
+ id 'org.springframework.boot' version '2.7.18'
id 'com.github.ben-manes.versions' version '0.20.0'
id 'org.sonarqube' version '4.4.0.3356'
id 'uk.gov.hmcts.java' version '0.12.40'
@@ -139,7 +139,7 @@ repositories {
ext {
groovyVersion = '3.0.7'
- tomcatVersion = '9.0.75!!'
+ tomcatVersion = '9.0.83'
jettyVersion = '9.4.53.v20231009'
}
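Review bot: The new value `'9.0.83'` drops the `!!` suffix that the old `'9.0.75!!'` carried, so this line changes more than the version number. In Gradle, `!!` is the strict-version shorthand, and without it 9.0.83 becomes an ordinary requested version that conflict resolution may replace. How `tomcatVersion` is consumed lies outside the hunk, so the effect cannot be confirmed from here. If the pin exists to hold a patched Tomcat, either keep it strict with `tomcatVersion = '9.0.83!!'` or check the resolved version with `gradle dependencyInsight --dependency tomcat-embed-core` and record the result in the PR.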
@@ -160,7 +160,7 @@ def versions = [
dependencies {
- implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.0'
+ implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.4'
implementation group: 'com.google.guava', name: 'guava', version:'32.1.2-jre'
implementation group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.13'
@@ -172,8 +172,8 @@ dependencies {
// CVE-2021-28170
implementation group: 'org.glassfish', name: 'jakarta.el', version: '4.0.1'
// CVE-2021-42550
- implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.10'
- implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.2.10'
+ implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13'
+ implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.2.13'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
@@ -257,6 +257,7 @@ dependencies {
implementation group: 'net.minidev', name: 'json-smart', version: '2.4.7'
// CCD-3511 CVE-2020-15522
+ // 1.70 is the latest version, but still has vulnerabilities (CVE-2023-33202)
implementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.70'
}
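Review bot: The added comment says 1.70 is the latest version, which holds only for the `jdk15on` artifact line; newer Bouncy Castle releases are published under the `jdk18on` artifact IDs. A reader could take the comment to mean no fix exists for CVE-2023-33202. Suggested wording: `// 1.70 is the final bcpkix-jdk15on release and is affected by CVE-2023-33202; later releases ship as bcpkix-jdk18on (tracked in CCD-5136)`. The ticket reference is the one the suppression file in this same commit gives for that CVE.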
diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml
index e7b1d976..6112c67c 100644
--- a/dependency-check-suppressions.xml
+++ b/dependency-check-suppressions.xml
@@ -22,7 +22,10 @@
CVE-2023-33202 refer [Ticket]
CVE-2023-34055 refer [Ticket]
CVE-2023-46589 refer [Ticket]
- CVE-2023-6378 refer [Ticket]
+ CVE-2023-6378 refer [Ticket]
+ CVE-2023-33202 refer https://tools.hmcts.net/jira/browse/CCD-5136
+ CVE-2023-34055 refer https://tools.hmcts.net/jira/browse/CCD-5135
+
CVE-2022-45688
CVE-2023-35116
CVE-2023-34034
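Review bot: The two added entries duplicate `CVE-2023-33202` and `CVE-2023-34055`, which are already listed three lines above with a `[Ticket]` placeholder; fill in the existing lines with the CCD-5136 and CCD-5135 links rather than appending second copies. `CVE-2023-46589` and `CVE-2023-6378` also stay suppressed, although this commit moves Tomcat to 9.0.83 and logback to 1.2.13, which appear to be the releases that address them. The same may hold for `CVE-2023-34055` now that Spring Boot is at 2.7.18. If the upgrades clear those findings, remove the suppressions so a later downgrade or a transitive regression fails the scan instead of passing silently. For entries that must remain, an `until` date on the enclosing `<suppress>` element would force a periodic re-review.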