From d001cdc8597fd78451a52f140e3ed12bdfea1100 Mon Sep 17 00:00:00 2001
From: amiyakumar-sahoo <amiyakumar.sahoo@hcl.com>
Date: Wed, 26 Feb 2025 13:24:56 +0530
Subject: [PATCH 1/3] updated plugin to fix multiple CVEs

---
 .gitignore                          | 4 ++++
 README.md                           | 2 +-
 build.xml                           | 6 +++---
 src/main/zip/RunDeployDotAnt.groovy | 2 +-
 src/main/zip/info.xml               | 8 ++++++++
 src/main/zip/plugin.xml             | 2 +-
 src/main/zip/upgrade.xml            | 2 ++
 7 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/.gitignore b/.gitignore
index a83be04..b2150b8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,7 @@
 
 /target/
 /schemas/
+.DS_Store
+.idea/
+src/datapower-configuration-manager.iml
+src/main/main.iml
diff --git a/README.md b/README.md
index 71f06c6..dd3bc22 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ Deploy (UCD).
 ## Prerequisites
 
 * JDK 1.6 or later is required to build. An equivalent JRE is supported if using a prebuilt plugin.
-* Apache Ant (1.8.1 or later, 1.9.9 will be packaged with UCD plugin)
+* Apache Ant (1.8.1 or later, 1.9.15 will be packaged with UCD plugin)
 
 ## Building
 
diff --git a/build.xml b/build.xml
index 413e886..c99340f 100644
--- a/build.xml
+++ b/build.xml
@@ -41,13 +41,13 @@
 
   <!-- Java-related defaults -->
   <property name="java.debug" value="true"/>
-  <property name="needed.java.version" value="1.7"/>
+  <property name="needed.java.version" value="1.8"/>
 
   <!-- Which Xalan version to include -->
-  <property name="needed.xalan.version" value="2.7.2"/>
+  <property name="needed.xalan.version" value="2.7.3"/>
 
   <!-- Which Ant version to include -->
-  <property name="needed.ant.version" value="1.9.9"/>
+  <property name="needed.ant.version" value="1.9.15"/>
 
   <!-- Plugin version during build time -->
   <property name="plugin.version" value="26"/>
diff --git a/src/main/zip/RunDeployDotAnt.groovy b/src/main/zip/RunDeployDotAnt.groovy
index 2ff3a53..dcb7c4d 100644
--- a/src/main/zip/RunDeployDotAnt.groovy
+++ b/src/main/zip/RunDeployDotAnt.groovy
@@ -54,7 +54,7 @@ try
 
   def ch = new CommandHelper(new File('.'))
   def dcmDir = ch.getProcessBuilder().environment().get('PLUGIN_HOME') + '/dcm'
-  def anthome = dcmDir + '/apache-ant-1.9.9/'
+  def anthome = dcmDir + '/apache-ant-1.9.15/'
   ch.addEnvironmentVariable('ANT_HOME', anthome)
 
   // Get ANT_OPTS environment variable
diff --git a/src/main/zip/info.xml b/src/main/zip/info.xml
index f263576..f781b96 100644
--- a/src/main/zip/info.xml
+++ b/src/main/zip/info.xml
@@ -200,5 +200,13 @@
     <release-note plugin-version="26">
         Added "upload directory" step a a duplicate step to "upload files" to avoid confusion for a users.
     </release-note>
+    <release-note plugin-version="27">
+        DataPower plugin is now bundled with Ant v1.9.15due to CVEs.
+        Removed vulnerability: CVE-2022-34169
+        Removed vulnerability: sonatype-2018-0330
+        Removed vulnerability: CVE-2020-1945
+        Removed vulnerability: CVE-2021-36373
+        Removed vulnerability: CVE-2022-34169
+    </release-note>
   </release-notes>
 </pluginInfo>
diff --git a/src/main/zip/plugin.xml b/src/main/zip/plugin.xml
index 0ce5ea0..9fd5e92 100644
--- a/src/main/zip/plugin.xml
+++ b/src/main/zip/plugin.xml
@@ -19,7 +19,7 @@
 <plugin xmlns="http://www.urbancode.com/PluginXMLSchema_v1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 
   <header>
-    <identifier version="26" id="com.ibm.datapower" name="DataPower"/>
+    <identifier version="27" id="com.ibm.datapower" name="DataPower"/>
     <description>The IBM WebSphere DataPower plugin deploys DataPower services.</description>
     <tag>Infrastructure/WebSphere DataPower</tag>
   </header>
diff --git a/src/main/zip/upgrade.xml b/src/main/zip/upgrade.xml
index 09885b1..5573f1f 100644
--- a/src/main/zip/upgrade.xml
+++ b/src/main/zip/upgrade.xml
@@ -597,5 +597,7 @@
   </migrate>
   <migrate to-version="26">
   </migrate>
+  <migrate to-version="27">
+  </migrate>
         
 </plugin-upgrade>

From b016694364f1a9de5f116dc02cdcde531d4b25ae Mon Sep 17 00:00:00 2001
From: Amiya-873 <71648041+Amiya-873@users.noreply.github.com>
Date: Wed, 26 Feb 2025 13:30:01 +0530
Subject: [PATCH 2/3] Update main.yml

---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 5967073..0d1cfc7 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -31,7 +31,7 @@ jobs:
       - name: Create GitHub Release
         uses: softprops/action-gh-release@v2
         with:
-          tag_name: Datapower26
+          tag_name: Datapower27
           files: |
             dist/*.zip
             dist/*.jar

From 18ed629586a4a271ab78ba4f5ebaeb6e7b69fcca Mon Sep 17 00:00:00 2001
From: amiyakumar-sahoo <amiyakumar.sahoo@hcl.com>
Date: Wed, 26 Feb 2025 14:20:50 +0530
Subject: [PATCH 3/3] updated version in build.xml

---
 build.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.xml b/build.xml
index c99340f..78f6a72 100644
--- a/build.xml
+++ b/build.xml
@@ -50,7 +50,7 @@
   <property name="needed.ant.version" value="1.9.15"/>
 
   <!-- Plugin version during build time -->
-  <property name="plugin.version" value="26"/>
+  <property name="plugin.version" value="27"/>
 
   <target name="distro" description="Produce a new distribution" depends="clean,plugin">