Hotfix release v5.11.3

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM gradle:6.8.3-jdk11 AS build
+FROM --platform=$BUILDPLATFORM gradle:8.10.0-jdk11-alpine AS build
 ARG RELEASE_MODE
 ARG APP_VERSION
 WORKDIR /usr/app
@@ -10,13 +10,13 @@ RUN if [ "${RELEASE_MODE}" = true ]; then \
     else gradle build --no-build-cache --exclude-task test -Dorg.gradle.project.version=${APP_VERSION}; fi
 
 # For ARM build use flag: `--platform linux/arm64`
-FROM --platform=$BUILDPLATFORM amazoncorretto:11.0.20
-LABEL version=${APP_VERSION} description="EPAM ReportPortal. Auth Service" maintainer="Andrei Varabyeu <andrei_varabyeu@epam.com>, Hleb Kanonik <hleb_kanonik@epam.com>"
+FROM --platform=$BUILDPLATFORM amazoncorretto:11.0.24
 ARG APP_VERSION=${APP_VERSION}
+LABEL version=${APP_VERSION} description="EPAM ReportPortal. Auth Service" maintainer="Andrei Varabyeu <andrei_varabyeu@epam.com>, Hleb Kanonik <hleb_kanonik@epam.com>"
 ENV APP_DIR=/usr/app
 ENV JAVA_OPTS="-Xmx1g -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom"
 WORKDIR $APP_DIR
 COPY --from=build $APP_DIR/build/libs/service-authorization-*exec.jar .
 VOLUME ["/tmp"]
 EXPOSE 8080
-ENTRYPOINT exec java ${JAVA_OPTS} -jar ${APP_DIR}/service-authorization-*exec.jar
+ENTRYPOINT ["sh", "-c", "java ${JAVA_OPTS} -jar ${APP_DIR}/service-authorization-*exec.jar"]

build.gradle

@@ -6,7 +6,7 @@ plugins {
 }
 
 apply from: 'project-properties.gradle'
-apply from: "$scriptsUrl/build-docker.gradle"
+//apply from: "$scriptsUrl/build-docker.gradle"
 apply from: "$scriptsUrl/build-info.gradle"
 apply from: "$scriptsUrl/build-commons.gradle"
 //apply from: "$scriptsUrl/build-quality.gradle"
@@ -15,12 +15,12 @@ apply from: "$scriptsUrl/signing.gradle"
 
 repositories {
     mavenCentral { url "https://repo1.maven.org/maven2" }
-
     if (!releaseMode) {
         maven { url 'https://jitpack.io' }
     }
 }
 
+ext['spring-boot.version'] = '2.5.15'
 //https://nvd.nist.gov/vuln/detail/CVE-2020-10683 (dom4j 2.1.3 version dependency) AND https://nvd.nist.gov/vuln/detail/CVE-2019-14900
 ext['hibernate.version'] = '5.4.18.Final'
 //https://nvd.nist.gov/vuln/detail/CVE-2020-10693
@@ -52,12 +52,10 @@ dependencies {
     implementation 'org.apache.tomcat.embed:tomcat-embed-core:9.0.86'
     implementation 'org.apache.tomcat.embed:tomcat-embed-el:9.0.86'
     implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.86'
-    //Fix CVE-2020-15522
-    implementation 'org.bouncycastle:bcprov-jdk15on:1.69'
     //Fix CVE-2015-7501, CVE-2015-4852
     implementation 'org.apache.commons:commons-collections4:4.4'
     //Fix CVE-2018-10237
-    implementation 'com.google.guava:guava:31.1-jre'
+    implementation 'com.google.guava:guava:32.0.0-android'
     //Fix CVE-2020-13956
     implementation 'org.apache.httpcomponents:httpclient:4.5.14'
     //Fix CVE-2022-40152
@@ -70,26 +68,27 @@ dependencies {
     //Fix CVE-2023-34050
     implementation 'org.springframework.amqp:spring-amqp:2.4.17'
     //Fix CVE-2023-40827, CVE-2023-40828, CVE-2023-40826
-    implementation 'org.springframework:spring-webmvc:5.3.33'
-    implementation 'org.springframework:spring-web:5.3.33'
+    implementation 'org.springframework:spring-webmvc:5.3.39'
+    implementation 'org.springframework:spring-web:5.3.39'
 
     ///// Security
     //https://nvd.nist.gov/vuln/detail/CVE-2020-5407 AND https://nvd.nist.gov/vuln/detail/CVE-2020-5408
-    implementation 'org.springframework.security:spring-security-core:5.8.5'
-    implementation 'org.springframework.security:spring-security-config:5.8.5'
-    implementation 'org.springframework.security:spring-security-web:5.8.5'
-    //
-
+    implementation 'org.springframework.security:spring-security-core:5.8.14'
+    implementation 'org.springframework.security:spring-security-config:5.8.14'
+    implementation 'org.springframework.security:spring-security-web:5.8.14'
     implementation 'org.springframework.security:spring-security-oauth2-client'
     //Fix CVE-2023-1370
     implementation 'net.minidev:json-smart:2.4.10'
     //Fix CVE-2022-22969
     implementation 'org.springframework.security.oauth:spring-security-oauth2:2.5.2.RELEASE'
-    implementation 'org.springframework.security:spring-security-jwt:1.0.11.RELEASE'
+    implementation 'org.springframework.security:spring-security-jwt:1.1.1.RELEASE'
+    //Fix CVE-2020-15522 in org.springframework.security:spring-security-jwt:1.1.1.RELEASE
+    implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
     implementation 'org.springframework.security:spring-security-ldap'
     // TODO: consider migration to spring-security-saml2-service-provider
     implementation 'org.springframework.security.extensions:spring-security-saml2-core:2.0.0.M31'
-//  Temporary fix of https://nvd.nist.gov/vuln/detail/CVE-2019-12400
+    implementation 'commons-collections:commons-collections:3.2.2'
+    //Temporary fix of https://nvd.nist.gov/vuln/detail/CVE-2019-12400
     implementation 'org.apache.santuario:xmlsec:3.0.3'
     //Fix CVE-2015-7501, CVE-2015-4852
     implementation 'org.apache.commons:commons-collections4:4.4'
@@ -104,10 +103,11 @@ dependencies {
     implementation 'io.springfox:springfox-swagger2'
     implementation 'org.apache.commons:commons-compress:1.26.0'
     implementation 'org.cryptacular:cryptacular:1.1.4'
-    // TODO: snakeyaml 2.0 supported by Spring Boot 3 only
-    implementation 'org.yaml:snakeyaml:1.33'
+    // TODO: snakeyaml 2.0 supported by Spring Boot 2.7 and 3.X only
+    // We don't user application.yml, so it's safe to use 2.2
+    implementation 'org.yaml:snakeyaml:2.2'
     implementation 'org.hibernate:hibernate-core:5.4.24.Final'
-    implementation 'org.springframework:spring-core:5.3.30'
+    implementation 'org.springframework:spring-core:5.3.39'
     implementation "com.rabbitmq:http-client:5.2.0"
 
     // Lombok

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

project-properties.gradle

@@ -7,10 +7,10 @@ project.ext {
     publishRepo = "https://maven.pkg.github.com/reportportal/service-authorization"
     dependencyRepos = ["commons-dao", "commons-rules", "commons-model", "commons-bom"]
     releaseMode = project.hasProperty("releaseMode")
-    scriptsUrl = commonScriptsUrl + (releaseMode ? '5.10.0' : 'master')
+    scriptsUrl = commonScriptsUrl + (releaseMode ? '5.11.0' : 'develop')
     isDebugMode = System.getProperty("DEBUG", "false") == "true"
 }
 
 wrapper {
-    gradleVersion = '6.8'
+    gradleVersion = '8.10'
 }

src/main/resources/application.properties

@@ -9,4 +9,84 @@ rp.feature.flags=
 datastore.thumbnail.attachment.width=\${rp.binarystore.thumbnail.attachment.width:80}
 datastore.thumbnail.attachment.height=\${rp.binarystore.thumbnail.attachment.height:60}
 datastore.thumbnail.avatar.width=\${rp.binarystore.thumbnail.avatar.width:40}
-datastore.thumbnail.avatar.height=\${rp.binarystore.thumbnail.avatar.height:60}
+datastore.thumbnail.avatar.height=\${rp.binarystore.thumbnail.avatar.height:60}
+
+# Application.yaml configuration
+# Server configuration
+server.port=9999
+server.forward-headers-strategy=NATIVE
+server.servlet.context-path=/
+
+# Spring configuration
+spring.application.name=uat
+spring.jackson.default-property-inclusion=non_null
+spring.session.store-type=jdbc
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+spring.jpa.generate-ddl=false
+spring.jpa.hibernate.ddl-auto=none
+spring.profiles.active=\${rp.profiles:default}
+spring.web.locale=en_US
+spring.web.locale-resolver=fixed
+
+# Logging configuration
+logging.level.org.springframework.security=debug
+logging.level.org.hibernate=info
+logging.level.org.hibernate.stat=info
+logging.level.org.springframework.web.bind=fatal
+
+# OpenAPI documentation configuration
+springfox.documentation.swagger.v2.path=/api-docs
+
+# Custom reportportal configuration
+rp.datasource.type=com.zaxxer.hikari.HikariDataSource
+rp.datasource.driverClassName=org.postgresql.Driver
+rp.datasource.jdbcUrl=\${rp.db.url}
+rp.datasource.username=\${rp.db.user}
+rp.datasource.password=\${rp.db.pass}
+rp.datasource.maximumPoolSize=27
+
+rp.db.url=jdbc:postgresql://\${rp.db.host}:\${rp.db.port}/\${rp.db.name}
+rp.db.name=reportportal
+rp.db.host=postgres
+rp.db.port=5432
+rp.db.user=
+rp.db.pass=
+
+rp.jwt.signing-key=
+rp.jwt.token.validity-period=\${rp.session.live}
+
+rp.session.live=86400
+
+rp.saml.session-live=4320
+
+rp.auth.saml.base-path=
+rp.auth.saml.entity-id=report.portal.sp.id
+rp.auth.saml.key-password=password
+rp.auth.saml.key-alias=report-portal-sp
+rp.auth.saml.session-live=\${rp.saml.session-live}
+rp.auth.saml.key-store=saml/keystore.jks
+rp.auth.saml.key-store-password=password
+rp.auth.saml.network-connection-timeout=5000
+rp.auth.saml.network-read-timeout=10000
+rp.auth.saml.signed-requests=false
+rp.auth.saml.active-key-name=sp-signing-key
+rp.auth.saml.prefix=saml/sp
+
+rp.amqp.addresses=amqp://\${rp.amqp.user}:\${rp.amqp.pass}@\${rp.amqp.host}:\${rp.amqp.port}
+rp.amqp.base-vhost=/
+rp.amqp.host=rabbitmq
+rp.amqp.port=5672
+rp.amqp.user=
+rp.amqp.pass=
+
+# ReportPortal file storage configuration
+datastore.path=/data/storage
+datastore.type:=minio
+datastore.endpoint= http://play.min.io
+datastore.accessKey=
+datastore.secretKey=
+datastore.bucketPrefix= prj-
+datastore.bucketPostfix=
+datastore.defaultBucketName= rp-bucket
+datastore.region=us-west-1

src/main/resources/application.yaml → src/main/resources/application.yaml.bkp

@@ -1,8 +1,8 @@
 server:
   port: 9999
-  use-forward-headers: true
   servlet:
     context-path: /
+  forward-headers-strategy: native
 spring:
   application:
     name: uat