OWASP Dependency Check

Handle CVEs. Review with PL. Signed-off-by: Ivan Motsch <Ivan.Motsch@bsi-software.com>
eclipse-scout · Apr 15, 2024 · 246d187 · 246d187
1 parent 8e6294b
commit 246d187
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 9 deletions.
diff --git a/...est/src/main/java/org/eclipse/scout/rt/server/jaxws/consumer/AbstractJaxWsClientTest.java b/...est/src/main/java/org/eclipse/scout/rt/server/jaxws/consumer/AbstractJaxWsClientTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2017 BSI Business Systems Integration AG.
+ * Copyright (c) 2010-2024 BSI Business Systems Integration AG.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
@@ -178,7 +178,7 @@ public void testSetupSleepWithReadTimeout() {
       fail("invocation is expected to be cancelled");
     }
     catch (WebServiceException e) {
-      if (!(e.getCause() instanceof SocketTimeoutException)) {
+      if (!isTimeoutCause(e)) {
         throw e;
       }
     }
@@ -290,7 +290,7 @@ public void testSamePortMultipleTimesSleepWithReadTimeoutCheckResponseCode() {
       fail("invocation is expected to be cancelled");
     }
     catch (WebServiceException e) {
-      if (!(e.getCause() instanceof SocketTimeoutException)) {
+      if (!isTimeoutCause(e)) {
         throw e;
       }
     }
@@ -301,6 +301,10 @@ public void testSamePortMultipleTimesSleepWithReadTimeoutCheckResponseCode() {
     assertHttpResponseCode(port, 200);
   }
 
+  protected boolean isTimeoutCause(WebServiceException e) {
+    return e.getCause() instanceof SocketTimeoutException;
+  }
+
   @Test
   public void testSamePortMultipleTimesSleepWithReadTimeoutCheckResponseHeaders() {
     final JaxWsConsumerTestServicePortType port = BEANS
@@ -325,7 +329,7 @@ public void testSamePortMultipleTimesSleepWithReadTimeoutCheckResponseHeaders()
       fail("invocation is expected to be cancelled");
     }
     catch (WebServiceException e) {
-      if (!(e.getCause() instanceof SocketTimeoutException)) {
+      if (!isTimeoutCause(e)) {
         throw e;
       }
     }
@@ -440,7 +444,7 @@ public void testAcquirePortInSameTransactionMultipleTimesSleepWithReadTimeoutChe
       fail("invocation is expected to be cancelled");
     }
     catch (WebServiceException e) {
-      if (!(e.getCause() instanceof SocketTimeoutException)) {
+      if (!isTimeoutCause(e)) {
         throw e;
       }
     }

diff --git a/org.eclipse.scout.rt/pom.xml b/org.eclipse.scout.rt/pom.xml
@@ -102,7 +102,7 @@
     <logback.version>1.2.13</logback.version>
     <!-- careful: jackson breaks api with Double/BigDecimal from 2.11 to 2.12 -->
     <jackson.version>2.11.4</jackson.version>
-    <io.netty-version>4.1.100.Final</io.netty-version>
+    <io.netty-version>4.1.108.Final</io.netty-version>
     <batik.version>1.17</batik.version>
     <activemq.version>5.18.3</activemq.version>
     <artemis.version>2.20.0</artemis.version>
@@ -666,7 +666,7 @@
       <dependency>
         <groupId>org.apache.cxf</groupId>
         <artifactId>cxf-rt-frontend-jaxws</artifactId>
-        <version>3.4.10</version>
+        <version>3.5.8</version>
         <exclusions>
           <exclusion>
             <groupId>jakarta.activation</groupId>
@@ -677,7 +677,7 @@
       <dependency>
         <groupId>org.apache.cxf</groupId>
         <artifactId>cxf-rt-transports-http</artifactId>
-        <version>3.4.10</version>
+        <version>3.5.8</version>
         <exclusions>
           <exclusion>
             <groupId>jakarta.activation</groupId>
@@ -688,7 +688,7 @@
       <dependency>
         <groupId>org.apache.cxf</groupId>
         <artifactId>cxf-rt-transports-http-jetty</artifactId>
-        <version>3.4.10</version>
+        <version>3.5.8</version>
         <exclusions>
           <exclusion>
             <groupId>javax.servlet</groupId>