Merge pull request #140 from ibm-datapower/amiya-cve-fix

Amiya-873 · web-flow · commit 472a5830204a · 2025-02-27T14:55:40.000+05:30
updated plugin to fix multiple CVEs
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -31,7 +31,7 @@ jobs:
       - name: Create GitHub Release
         uses: softprops/action-gh-release@v2
         with:
-          tag_name: Datapower26
+          tag_name: Datapower27
           files: |
             dist/*.zip
             dist/*.jar
diff --git a/.gitignore b/.gitignore
@@ -7,3 +7,7 @@
 
 /target/
 /schemas/
+.DS_Store
+.idea/
+src/datapower-configuration-manager.iml
+src/main/main.iml
diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@ Deploy (UCD).
 ## Prerequisites
 
 * JDK 1.6 or later is required to build. An equivalent JRE is supported if using a prebuilt plugin.
-* Apache Ant (1.8.1 or later, 1.9.9 will be packaged with UCD plugin)
+* Apache Ant (1.8.1 or later, 1.9.15 will be packaged with UCD plugin)
 
 ## Building
 
diff --git a/build.xml b/build.xml
@@ -41,16 +41,16 @@
 
   <!-- Java-related defaults -->
   <property name="java.debug" value="true"/>
-  <property name="needed.java.version" value="1.7"/>
+  <property name="needed.java.version" value="1.8"/>
 
   <!-- Which Xalan version to include -->
-  <property name="needed.xalan.version" value="2.7.2"/>
+  <property name="needed.xalan.version" value="2.7.3"/>
 
   <!-- Which Ant version to include -->
-  <property name="needed.ant.version" value="1.9.9"/>
+  <property name="needed.ant.version" value="1.9.15"/>
 
   <!-- Plugin version during build time -->
-  <property name="plugin.version" value="26"/>
+  <property name="plugin.version" value="27"/>
 
   <target name="distro" description="Produce a new distribution" depends="clean,plugin">
 
diff --git a/src/main/zip/RunDeployDotAnt.groovy b/src/main/zip/RunDeployDotAnt.groovy
@@ -54,7 +54,7 @@ try
 
   def ch = new CommandHelper(new File('.'))
   def dcmDir = ch.getProcessBuilder().environment().get('PLUGIN_HOME') + '/dcm'
-  def anthome = dcmDir + '/apache-ant-1.9.9/'
+  def anthome = dcmDir + '/apache-ant-1.9.15/'
   ch.addEnvironmentVariable('ANT_HOME', anthome)
 
   // Get ANT_OPTS environment variable
diff --git a/src/main/zip/info.xml b/src/main/zip/info.xml
@@ -200,5 +200,13 @@
     <release-note plugin-version="26">
         Added "upload directory" step a a duplicate step to "upload files" to avoid confusion for a users.
     </release-note>
+    <release-note plugin-version="27">
+        DataPower plugin is now bundled with Ant v1.9.15due to CVEs.
+        Removed vulnerability: CVE-2022-34169
+        Removed vulnerability: sonatype-2018-0330
+        Removed vulnerability: CVE-2020-1945
+        Removed vulnerability: CVE-2021-36373
+        Removed vulnerability: CVE-2022-34169
+    </release-note>
   </release-notes>
 </pluginInfo>
diff --git a/src/main/zip/plugin.xml b/src/main/zip/plugin.xml
@@ -19,7 +19,7 @@
 <plugin xmlns="http://www.urbancode.com/PluginXMLSchema_v1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 
   <header>
-    <identifier version="26" id="com.ibm.datapower" name="DataPower"/>
+    <identifier version="27" id="com.ibm.datapower" name="DataPower"/>
     <description>The IBM WebSphere DataPower plugin deploys DataPower services.</description>
     <tag>Infrastructure/WebSphere DataPower</tag>
   </header>
diff --git a/src/main/zip/upgrade.xml b/src/main/zip/upgrade.xml
@@ -597,5 +597,7 @@
   </migrate>
   <migrate to-version="26">
   </migrate>
+  <migrate to-version="27">
+  </migrate>
         
 </plugin-upgrade>
