generated from hmcts/spring-boot-template
cve-resolution-strategy.gradle
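/*
 * Forces selected dependencies, in every configuration, to the versions listed below.
 * Each rule carries the CVE identifiers it was added for.
 *
 * Review notes for maintainers:
 *  - useVersion replaces whatever version was requested, including a newer one. A stale pin
 *    can therefore hold a library at an older release than the build asks for; revisit every
 *    pin when the surrounding platform is upgraded.
 *  - Most rules match on the artifact name alone, so an artifact with the same name published
 *    under a different group is pinned as well.
 *  - A rule whose name/group never matches anything is a silent no-op. After changing a rule,
 *    confirm the resolved version with
 *    `./gradlew dependencyInsight --dependency <artifact> --configuration runtimeClasspath`.
 */
configurations.all {
    resolutionStrategy {
        eachDependency { DependencyResolveDetails details ->
            // details.requested is the coordinate as originally requested; useVersion does not change it.
            def requestedName = details.requested.name
            def requestedGroup = details.requested.group

            /* CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 CVE-2024-26308 */
            if (requestedName == 'commons-compress') {
                details.useVersion '1.25.0'
            }

            /* CVE-2021-22119 */
            // NOTE(review): this identifier has no rule of its own in this file; confirm which pin covers it.

            /* CVE-2020-13956 */
            if (requestedName == 'httpclient') {
                details.useVersion '4.5.13'
            }

            /* CVE-2024-34447, CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2023-33201 */
            // NOTE(review): 'bouncy-castle-crypto-package' does not look like a published artifact
            // name (Bouncy Castle jars are usually named bcprov-*, bcpkix-*, ...). If nothing in the
            // dependency graph carries this name, the pin never applies - verify with dependencyInsight.
            if (requestedName == 'bouncy-castle-crypto-package') {
                details.useVersion '1.77'
            }

            /* CVE-2021-44832 */
            if (requestedName in ['log4j-api', 'log4j-to-slf4j', 'log4j-core']) {
                details.useVersion '2.23.1'
            }

            /* CVE-2017-18640, CVE-2022-41854 */
            if (requestedName == 'snakeyaml') {
                details.useVersion '2.2'
            }

            /* CVE-2023-6481 */
            if (requestedName in ['logback-core', 'logback-classic']) {
                details.useVersion '1.2.13'
            }

            /* CVE-2023-34042 */
            // NOTE(review): 'org.springframework.security' looks like a group id, not an artifact
            // name, so that entry presumably never matches; kept to preserve the original rule.
            if (requestedName in [
                    'org.springframework.security',
                    'spring-security-web',
                    'spring-security-core',
                    'spring-security-config',
                    'spring-security-crypto',
                    'spring-security-oauth2',
                    'spring-security-oauth2-resource-server',
                    'spring-security-oauth2-core',
                    'spring-security-oauth2-jose',
                    'spring-security-oauth2-client']) {
                details.useVersion '5.8.12'
            }

            /* CVE-2016-1000027, CVE-2024-22243, CVE-2024-22262 */
            if (requestedName in ['spring-webmvc', 'spring-web', 'spring-core', 'spring-test', 'spring-beans']) {
                details.useVersion '5.3.36'
            }

            /* CVE-2022-26336 */
            if (requestedName == 'commons-io') {
                details.useVersion '2.16.1'
            }

            /* CVE-2024-1597 */
            if (requestedName == 'postgresql' && requestedGroup == 'org.postgresql') {
                details.useVersion '42.7.3'
            }

            /* CVE-2021-27568, CVE-2023-1370 */
            if (requestedName == 'json-smart') {
                details.useVersion '2.5.1'
            }

            /* CVE-2023-38286 */
            if (requestedName == 'thymeleaf') {
                details.useVersion '3.1.2.RELEASE'
            }

            /* CVE-2023-38286 */
            // NOTE(review): Spring Boot 3.x starters target Spring Framework 6, while the rules above
            // pin Spring Framework to 5.3.x and Spring Security to 5.8.x - confirm these pins are
            // compatible for this build.
            if (requestedName == 'spring-boot-starter-thymeleaf') {
                details.useVersion '3.2.5'
            }

            /* CVE-2023-38286 */
            if (requestedName == 'thymeleaf-spring5') {
                details.useVersion '3.1.2.RELEASE'
            }

            /* CVE-2023-2976 */
            // Guava is published as group 'com.google.guava', artifact 'guava'. The original rule had
            // the two values swapped, so it never matched and the pin was never applied.
            if (requestedName == 'guava' && requestedGroup == 'com.google.guava') {
                details.useVersion '33.2.0-jre'
            }
        }
    }
}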