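/*
 * Forces selected (mostly transitive) dependencies onto versions that carry CVE fixes.
 *
 * Each entry names the modules it applies to, the version to force, and the reason
 * that is recorded against the selection so it shows up in dependency reports.
 *
 * Things to keep in mind when editing this table:
 *  - Matching is on the module name only (details.requested.name). A module with the
 *    same name published under a different group is pinned to the same version; add a
 *    details.requested.group check to an entry if that distinction matters.
 *  - useVersion rewrites every request for the module, so a request for a NEWER
 *    release is replaced by the pin as well. Re-check the pins whenever the
 *    platform/BOM is upgraded so a pin does not hold a library below a later fix.
 *  - Entries whose reason says "no CVE recorded" had no CVE comment of their own in
 *    this file; record the advisory when it is known.
 */
def cveVersionPins = [
    [modules: ['commons-io'], version: '2.16.1', reason: 'latest version for CVE fixes'],
    [modules: ['guava'], version: '32.1.2-jre', reason: 'latest version for CVE fixes'],

    // NOTE(review): net.minidev appears to publish this library as 'accessors-smart';
    // confirm 'accessors-rt' is the intended module name, otherwise this pin never applies.
    [modules: ['accessors-rt'], version: '2.4.7', reason: 'CVE-2021-27568'],

    [modules: ['bcprov-jdk15on'], version: '1.69', reason: 'security pin, no CVE recorded'],
    [modules: ['jakarta.el'], version: '4.0.2', reason: 'security pin, no CVE recorded'],
    [modules: ['json-smart'], version: '2.5.1', reason: 'CVE-2021-27568, CVE-2023-1370'],
    [modules: ['spring-cloud-openfeign-core', 'spring-cloud-starter-openfeign'],
     version: '3.0.5', reason: 'security pin, no CVE recorded'],

    // The previous condition also compared the module NAME with the group id
    // 'org.springframework.security', which is not a module name and so never matched.
    // If the intent was to pin the whole group, match on details.requested.group
    // instead - confirm before widening.
    [modules: ['spring-security-web', 'spring-security-core', 'spring-security-config',
               'spring-security-crypto'],
     version: '5.8.12', reason: 'CVE-2023-34042'],

    [modules: ['gson'], version: '2.8.9', reason: 'CVE-2022-25647'],

    // NOTE(review): CVE-2020-36518 is, as far as I know, tracked against jackson-databind
    // rather than log4j - confirm which advisory this pin is meant to address.
    // Only log4j-api is pinned here; other log4j modules resolve independently.
    [modules: ['log4j-api'], version: '2.17.2', reason: 'CVE-2020-36518'],

    // logback was pinned twice (1.2.11, then 1.2.13). The later call won, so only the
    // effective version is kept and both advisories are recorded.
    [modules: ['logback-classic', 'logback-core'], version: '1.2.13',
     reason: 'CVE-2021-42550, CVE-2023-6378'],

    [modules: ['snakeyaml'], version: '2.2', reason: 'CVE-2022-1471'],
    [modules: ['commons-fileupload'], version: '1.5', reason: 'CVE-2023-24998'],
    [modules: ['spring-aop', 'spring-aspects', 'spring-jcl', 'spring-web', 'spring-context',
               'spring-core', 'spring-beans', 'spring-expression', 'spring-webmvc'],
     version: '5.3.36',
     reason: 'CVE-2022-22965, CVE-2022-22950, CVE-2022-22971, CVE-2022-22968, ' +
             'CVE-2022-22970, CVE-2021-22060']
]

configurations.all {
    resolutionStrategy {
        eachDependency { DependencyResolveDetails details ->
            // Module names are unique across the table, so the first match is the only match.
            def pin = cveVersionPins.find { details.requested.name in it.modules }
            if (pin != null) {
                details.useVersion(pin.version)
                // Recorded as the selection reason, so reports explain why the version was forced.
                details.because(pin.reason)
            }
        }
    }
}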