tomcat: manage up to 8.5.63
For CVE-2020-11996 among others.
dhalperi committed Feb 27, 2021
1 parent 7bbbec7 commit f9f1c19
Showing 3 changed files with 39 additions and 33 deletions.
3 changes: 2 additions & 1 deletion library_deps.bzl
@@ -43,7 +43,8 @@ BATFISH_MAVEN_ARTIFACTS = [
"org.apache.logging.log4j:log4j-api:2.13.3",
"org.apache.logging.log4j:log4j-core:2.13.3",
"org.apache.logging.log4j:log4j-slf4j-impl:2.13.3",
"org.apache.thrift:libthrift:0.14.0",
"org.apache.thrift:libthrift:0.14.0", # managed up: CVE-2020-13949
"org.apache.tomcat.embed:tomcat-embed-core:8.5.63", # managed up: CVE-2020-11996
"org.codehaus.jettison:jettison:1.4.0",
"io.github.java-diff-utils:java-diff-utils:4.0",
"org.glassfish.grizzly:grizzly-http-server:2.4.3",
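Review bot: The new `tomcat-embed-core` entry records the CVE but not which direct dependency pulls Tomcat in, so a later maintainer cannot tell when this override has become obsolete. It appears to exist only to raise a transitive version: the lockfile lists it under another artifact whose coord lies outside the visible hunk. I would extend the comment to something like `# managed up: CVE-2020-11996; transitive via <PARENT_ARTIFACT>, drop once it requires >= 8.5.63`. The same version is also hard-coded in `projects/pom.xml`, so the two build files can drift apart on the next security bump; a short cross-reference in each would help. The list itself continues outside the hunk.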
62 changes: 30 additions & 32 deletions maven_install.json
@@ -1,6 +1,6 @@
{
"dependency_tree": {
"__AUTOGENERATED_FILE_DO_NOT_MODIFY_THIS_FILE_MANUALLY": -1241672061,
"__AUTOGENERATED_FILE_DO_NOT_MODIFY_THIS_FILE_MANUALLY": 152954886,
"conflict_resolution": {
"com.google.errorprone:error_prone_annotations:2.3.1": "com.google.errorprone:error_prone_annotations:2.3.2",
"com.squareup.okhttp3:okhttp:3.14.8": "com.squareup.okhttp3:okhttp:4.2.2",
@@ -2440,15 +2440,14 @@
"org.slf4j:slf4j-api:1.7.28",
"commons-logging:commons-logging:1.2",
"commons-codec:commons-codec:1.11",
"org.apache.tomcat:tomcat-annotations-api:8.5.46",
"org.apache.tomcat.embed:tomcat-embed-core:8.5.46",
"org.apache.tomcat.embed:tomcat-embed-core:8.5.63",
"javax.annotation:javax.annotation-api:1.3.2",
"org.apache.httpcomponents:httpcore:4.4.12"
],
"directDependencies": [
"org.apache.httpcomponents:httpclient:4.5.10",
"org.slf4j:slf4j-api:1.7.28",
"org.apache.tomcat.embed:tomcat-embed-core:8.5.46",
"org.apache.tomcat.embed:tomcat-embed-core:8.5.63",
"javax.annotation:javax.annotation-api:1.3.2",
"org.apache.httpcomponents:httpcore:4.4.12"
],
@@ -2467,17 +2466,16 @@
"dependencies": [
"org.apache.httpcomponents:httpcore:jar:sources:4.4.12",
"commons-logging:commons-logging:jar:sources:1.2",
"org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.63",
"commons-codec:commons-codec:jar:sources:1.11",
"org.apache.httpcomponents:httpclient:jar:sources:4.5.10",
"org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.46",
"org.slf4j:slf4j-api:jar:sources:1.7.28",
"javax.annotation:javax.annotation-api:jar:sources:1.3.2",
"org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.46"
"javax.annotation:javax.annotation-api:jar:sources:1.3.2"
],
"directDependencies": [
"org.apache.httpcomponents:httpcore:jar:sources:4.4.12",
"org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.63",
"org.apache.httpcomponents:httpclient:jar:sources:4.5.10",
"org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.46",
"org.slf4j:slf4j-api:jar:sources:1.7.28",
"javax.annotation:javax.annotation-api:jar:sources:1.3.2"
],
@@ -2492,68 +2490,68 @@
"url": "https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.14.0/libthrift-0.14.0-sources.jar"
},
{
"coord": "org.apache.tomcat.embed:tomcat-embed-core:8.5.46",
"coord": "org.apache.tomcat.embed:tomcat-embed-core:8.5.63",
"dependencies": [
"org.apache.tomcat:tomcat-annotations-api:8.5.46"
"org.apache.tomcat:tomcat-annotations-api:8.5.63"
],
"directDependencies": [
"org.apache.tomcat:tomcat-annotations-api:8.5.46"
"org.apache.tomcat:tomcat-annotations-api:8.5.63"
],
"exclusions": [
"org.hamcrest:hamcrest-core"
],
"file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.46/tomcat-embed-core-8.5.46.jar",
"file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.63/tomcat-embed-core-8.5.63.jar",
"mirror_urls": [
"https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.46/tomcat-embed-core-8.5.46.jar"
"https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.63/tomcat-embed-core-8.5.63.jar"
],
"sha256": "be5f854448d2ee5d6e0036feb2b4f713163079a1b6b9a7a97508e55917ad35c2",
"url": "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.46/tomcat-embed-core-8.5.46.jar"
"sha256": "be6a247f2e17bac67dd28dadd8c6cf7522f857ba0209dcf6acef9074c8bd532c",
"url": "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.63/tomcat-embed-core-8.5.63.jar"
},
{
"coord": "org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.46",
"coord": "org.apache.tomcat.embed:tomcat-embed-core:jar:sources:8.5.63",
"dependencies": [
"org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.46"
"org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.63"
],
"directDependencies": [
"org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.46"
"org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.63"
],
"exclusions": [
"org.hamcrest:hamcrest-core"
],
"file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.46/tomcat-embed-core-8.5.46-sources.jar",
"file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.63/tomcat-embed-core-8.5.63-sources.jar",
"mirror_urls": [
"https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.46/tomcat-embed-core-8.5.46-sources.jar"
"https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.63/tomcat-embed-core-8.5.63-sources.jar"
],
"sha256": "8fec3317359be4d4f4427417fdd2b458659940dccef798dfb30a8172d704895e",
"url": "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.46/tomcat-embed-core-8.5.46-sources.jar"
"sha256": "6c6f47989d58201e3c072a8cc7a458489c5cf51d618c02cfdd0d5169cb5734f9",
"url": "https://repo1.maven.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/8.5.63/tomcat-embed-core-8.5.63-sources.jar"
},
{
"coord": "org.apache.tomcat:tomcat-annotations-api:8.5.46",
"coord": "org.apache.tomcat:tomcat-annotations-api:8.5.63",
"dependencies": [],
"directDependencies": [],
"exclusions": [
"org.hamcrest:hamcrest-core"
],
"file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.46/tomcat-annotations-api-8.5.46.jar",
"file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.63/tomcat-annotations-api-8.5.63.jar",
"mirror_urls": [
"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.46/tomcat-annotations-api-8.5.46.jar"
"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.63/tomcat-annotations-api-8.5.63.jar"
],
"sha256": "6a6b46d0e6958644514c0ca3658b3b07e6123a682a20ee36d3795242735fabc3",
"url": "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.46/tomcat-annotations-api-8.5.46.jar"
"sha256": "677225556415b0c1685f8cc099f6162234c1371543b6e2463c0d1045e6aa3f41",
"url": "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.63/tomcat-annotations-api-8.5.63.jar"
},
{
"coord": "org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.46",
"coord": "org.apache.tomcat:tomcat-annotations-api:jar:sources:8.5.63",
"dependencies": [],
"directDependencies": [],
"exclusions": [
"org.hamcrest:hamcrest-core"
],
"file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.46/tomcat-annotations-api-8.5.46-sources.jar",
"file": "v1/https/repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.63/tomcat-annotations-api-8.5.63-sources.jar",
"mirror_urls": [
"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.46/tomcat-annotations-api-8.5.46-sources.jar"
"https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.63/tomcat-annotations-api-8.5.63-sources.jar"
],
"sha256": "8dcfe25deb1081f6d24364f598162654b916df8d64f70bddc01ef06a01202d24",
"url": "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.46/tomcat-annotations-api-8.5.46-sources.jar"
"sha256": "9ac6d65c1680e5027f058989e75b49b0bda1988b87e830e4a65aa747b18513fb",
"url": "https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-annotations-api/8.5.63/tomcat-annotations-api-8.5.63-sources.jar"
},
{
"coord": "org.checkerframework:checker-qual:2.8.1",
7 changes: 7 additions & 0 deletions projects/pom.xml
@@ -98,6 +98,7 @@
<httpcore.version>4.3.3</httpcore.version>
<libthrift.version>0.14.0</libthrift.version>
<okhttp.version>3.14.8</okhttp.version>
<tomcat-embed-core.version>8.5.63</tomcat-embed-core.version>

<!--
Annotation paths for Eclipse. The Eclipse workspace must first have the M2_REPO classpath variable configured.
@@ -984,6 +985,12 @@
<version>${libthrift.version}</version>
</dependency>

<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>${tomcat-embed-core.version}</version>
</dependency>

<dependency>
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
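Review bot: Neither the `tomcat-embed-core.version` property nor the new `<dependency>` entry says why Tomcat is pinned, unlike the Bazel list, which carries `# managed up: CVE-2020-11996`. I would add `<!-- managed up: CVE-2020-11996 -->` directly above the property so the reason survives in this file too. The element enclosing the new `<dependency>` starts outside the hunk. If it is `<dependencyManagement>`, Maven will hold every module at exactly 8.5.63 even when a later upgrade of the parent library asks for a newer Tomcat, so the pin needs revisiting on each such upgrade. If it is a plain `<dependencies>` block, this makes Tomcat a direct dependency of every inheriting module, which is probably not intended.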
