v3.2.1: Bump mysql-connector-java and jackson-databind to fix vulnera…

…bilities
querqy · Oct 18, 2019 · 56a07fa · 56a07fa
1 parent ff6c1b3
commit 56a07fa
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@ SMUI is a tool for managing Solr-based onsite search. It provides a web user int
 You can use `make` to build and run SMUI as or into a docker container (see [Makefile](Makefile)), e.g. (command line):
 
 ```
-make docker-build
+make docker-build-only
 make docker-run
 ```
 

diff --git a/build.sbt b/build.sbt
@@ -2,7 +2,7 @@ import com.typesafe.sbt.GitBranchPrompt
 import com.typesafe.sbt.packager.rpm.RpmPlugin.autoImport.{rpmBrpJavaRepackJars, rpmLicense}
 
 name := "search-management-ui"
-version := "3.2.0"
+version := "3.2.1"
 
 scalaVersion := "2.12.4"
 
@@ -135,7 +135,7 @@ libraryDependencies ++= {
 
     // Additional Play Framework Dependencies
 
-    "mysql" % "mysql-connector-java" % "8.0.13", // TODO verify use of mysql-connector over explicit mariaDB connector instead
+    "mysql" % "mysql-connector-java" % "8.0.18", // TODO verify use of mysql-connector over explicit mariaDB connector instead
     "org.postgresql" % "postgresql" % "42.2.5",
     "org.xerial" % "sqlite-jdbc" % "3.25.2",
     "org.playframework.anorm" %% "anorm" % "2.6.4",
@@ -193,10 +193,17 @@ libraryDependencies ++= {
     "org.xerial" % "sqlite-jdbc" % "3.28.0" % Test
   )
 }
-dependencyOverrides ++= Seq(
-  "org.webjars.npm" % "minimatch" % "3.0.0",
-  "org.webjars.npm" % "glob" % "7.1.2"
-)
+
+
+dependencyOverrides ++= {
+  lazy val jacksonVersion = "2.9.10"
+  Seq(
+    "org.webjars.npm" % "minimatch" % "3.0.0",
+    "org.webjars.npm" % "glob" % "7.1.2",
+    "com.fasterxml.jackson.core" % "jackson-databind" % jacksonVersion,
+    "com.fasterxml.jackson.core" % "jackson-core" % jacksonVersion
+  )
+}
 
 // use the webjars npm directory (target/web/node_modules ) for resolution of module imports of angular2/core etc
 resolveFromWebjarsNodeModulesDir := true

diff --git a/suppress-checks.xml b/suppress-checks.xml
@@ -1,3 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <notes><![CDATA[
+        False positive
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/tyrex/tyrex@.*$</packageUrl>
+        <cve>CVE-2009-2704</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+        False positive
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/tyrex/tyrex@.*$</packageUrl>
+        <cve>CVE-2009-2705</cve>
+    </suppress>
 </suppressions>