cve-resolution-strategy.gradle

configurations.all {
  resolutionStrategy {
    eachDependency { DependencyResolveDetails details ->
      /* JAR upgrades with latest versions for CVE fixes*/
      if (details.requested.name == 'commons-io') {
        details.useVersion '2.16.1'
      }
      if (details.requested.name == 'guava') {
        details.useVersion '32.1.2-jre'
      }

      /*
         CVE-2021-27568
       */
      if (details.requested.name == 'accessors-rt') {
        details.useVersion '2.4.7'
      }

      if (details.requested.name == 'bcprov-jdk15on'){
        details.useVersion '1.69'
      }


      if (details.requested.name == 'jakarta.el'){
        details.useVersion '4.0.2'
      }

      /*
        CVE-2021-27568, CVE-2023-1370
       */
      if (details.requested.name == 'json-smart'){
        details.useVersion '2.5.1'
      }

      if(details.requested.name == 'spring-cloud-openfeign-core' || details.requested.name == 'spring-cloud-starter-openfeign') {
        details.useVersion '3.0.5'
      }

      /* CVE-2023-34042 */
      if (details.requested.name == 'org.springframework.security' || details.requested.name == 'spring-security-web'
        || details.requested.name == 'spring-security-core' || details.requested.name == 'spring-security-config'
        || details.requested.name == 'spring-security-crypto') {
        details.useVersion '5.8.12'
      }

      /* CVE-2022-25647 */
      if (details.requested.name == 'gson') {
        details.useVersion '2.8.9'
      }

      /* CVE-2020-36518 */
      if (details.requested.name == 'log4j-api') {
        details.useVersion '2.17.2'
      }

      /* CVE-2021-42550 */
      if (details.requested.name == 'logback-classic' || details.requested.name == 'logback-core') {
        details.useVersion '1.2.11'
      }

      /* CVE-2022-1471 */
      if (details.requested.name == 'snakeyaml'){
        details.useVersion '2.2'
      }
      /*
      * CVE-2023-24998
      * */
      if (details.requested.name == 'commons-fileupload') {
        details.useVersion '1.5'
      }
      /*
      * CVE-2022-22965, CVE-2022-22950, CVE-2022-22971, CVE-2022-22968, CVE-2022-22970, CVE-2021-22060
      * */
      if (details.requested.name == 'spring-aop' || details.requested.name == 'spring-aspects' || details.requested.name == 'spring-jcl'
        || details.requested.name == 'spring-web' || details.requested.name == 'spring-context' || details.requested.name == 'spring-core'
        || details.requested.name == 'spring-beans' || details.requested.name == 'spring-expression' || details.requested.name == 'spring-webmvc'
      ) {
        details.useVersion '5.3.36'
      }

      /*
       * CVE-2023-6378
      */
      if (details.requested.name == 'logback-core' || details.requested.name == 'logback-classic' ) {
        details.useVersion '1.2.13'
      }
    }
  }
}