Update dependencies #1461

Merged
merged 4 commits into from
Oct 31, 2023


@flaix flaix commented Oct 31, 2023

Update a handful of dependencies, for which CVEs were issued and newer versions exist.
This also switches from log4j to reload4j.

The changes address #1458.

Update dependencies: Mina Core, Guava and commons-compress.
These don't need any other adjustments.

Update JSoup to version 1.16.2.
This requires renaming `Whitelist` to `Safelist`,
because the class name was changed in version 1.15.1
in a breaking change.

Replace log4j 1.2.17 with reload4j 1.2.25.

log4j 1.x was caught in the fire of the Log4Shell vulnerability, even
though the 1.x line was not affected by the vulnerability. Still, this
looks bad when it shows up in security scanners even though it doesn't
mean it has the Log4Shell vulnerability.
Switch to reload4j instead. This is a drop-in replacement of log4j.
Actually, it is log4j rebooted by the same author. The reload4j 1.x
line fixes security issues that have since surfaced.

At the same time we update to the latest slf4j version, which also
switched to reload4j for the log4j12 line.

@flaix added the hacktoberfest-accepted label (Accepted Hacktoberfest contribution, will merge later.) Oct 31, 2023
@flaix flaix merged commit 8d24e98 into gitblit-org:master Oct 31, 2023
4 checks passed
@flaix flaix deleted the depupd branch October 31, 2023 20:23
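
Because reload4j is a drop-in replacement that keeps the `org.apache.log4j` package, class names alone cannot show whether a deployed jar is log4j 1.x or reload4j. The following check is an added example, not code from this pull request or from Gitblit: it tells the two apart by Maven metadata and flags jsoup jars that still ship `Whitelist`. It assumes the jars carry the standard `META-INF/maven/.../pom.properties` entry; `classify_jar`, `pom_version` and `make_jar` are hypothetical names, and the sample jars are constructed in memory.

```python
import io
import zipfile

# Entry names used to tell the artifacts apart. The pom.properties paths follow
# the standard Maven layout META-INF/maven/<groupId>/<artifactId>/ (assumption).
LOGGER = "org/apache/log4j/Logger.class"  # same package in log4j 1.x and reload4j
POMS = {
    "log4j 1.x": "META-INF/maven/log4j/log4j/pom.properties",
    "reload4j": "META-INF/maven/ch.qos.reload4j/reload4j/pom.properties",
}
WHITELIST = "org/jsoup/safety/Whitelist.class"
SAFELIST = "org/jsoup/safety/Safelist.class"

def pom_version(text):
    """Extract the version= value from a pom.properties body."""
    for line in text.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return "unknown"

def classify_jar(data):
    """Return findings for one jar (bytes) relevant to this dependency update."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = set(jar.namelist())
        if LOGGER in names:
            # Class names match in both artifacts, so rely on the Maven metadata.
            hits = [f"{label} {pom_version(jar.read(pom).decode())}"
                    for label, pom in POMS.items() if pom in names]
            findings += hits or ["org.apache.log4j classes of unknown origin"]
        if WHITELIST in names:
            findings.append("jsoup with Whitelist (before the rename)")
        elif SAFELIST in names:
            findings.append("jsoup with Safelist only")
    return findings

def make_jar(entries):
    """Build a constructed sample jar in memory from {entry name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, content in entries.items():
            jar.writestr(name, content)
    return buf.getvalue()

# Constructed samples: empty class entries plus pom.properties, not real jars.
OLD = make_jar({LOGGER: b"", POMS["log4j 1.x"]: "version=1.2.17\n"})
NEW = make_jar({LOGGER: b"", POMS["reload4j"]: "#Generated\nversion=1.2.25\n"})
```

A jar that reports "unknown origin" has the log4j package but no recognizable metadata, which is typical of repackaged or shaded jars and needs a manual look.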