Upgrade Pom.xml to latest versions of Dependencies #1959

Closed
prb112 opened this issue Feb 17, 2021 · 0 comments · Fixed by #1960

prb112 commented Feb 17, 2021

Is your feature request related to a problem? Please describe.
Upgrade Pom.xml to latest versions of Dependencies

- CXF to org/apache/cxf/cxf-core/3.4.2
- COS to 2.9.0
- Kafka-Clients to 2.7.0
- HttpClient to latest 4.5 branch

Relevant CVEs fixed by these changes are:

| CVE | Package | Version | Fixed in | Severity | Score |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-13956 | org.apache.httpcomponents_httpclient | 4.5.12 | 5.0.3, 4.5.13 | medium | 5.3 |
| CVE-2020-13954 | org.apache.cxf_cxf-core | 3.3.6 | 3.4.1, 3.3.8 | medium | 6.1 |
| CVE-2020-25649 | com.fasterxml.jackson.core_jackson-databind | 2.10.0 | 2.10.5.1, 2.9.10.7, 2.6.7.4 | high | 7.5 |

prb112 self-assigned this Feb 17, 2021
prb112 added this to the Sprint 2021-03 milestone Feb 17, 2021
prb112 added a commit that referenced this issue Feb 17, 2021
Signed-off-by: Paul Bastide <pbastide@us.ibm.com>
prb112 linked a pull request Feb 17, 2021 that will close this issue
prb112 added a commit that referenced this issue Feb 18, 2021
Upgrade Pom.xml to latest versions of Dependencies #1959
JohnTimm added a commit that referenced this issue Feb 22, 2021
* Upgrade Pom.xml to latest versions of Dependencies #1959

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Update to include Bulkdata

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Push version dependencies into parent

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Update Dependencies and Resolve Duplicates in the pom.xmls, shifted the dependency versions to dependencyManagement in the parent pom

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* fix: update per code review and fix compilation

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Remove changes to Apache Derby and add a comment not to upgrade

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Update Test Certificates to Expire in Year 2051 (#1900)

* Update Test Certificates to Expire in Year 2051

- Update CI/CD Audit resources (jks)
- Update Minio Resources (crt,key)
- Update fhir-server trust and key store (p12)
- Update fhir-client (p12)
- Create build/certificates with documentation on certificates and utility scripts

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Unify the CA that signs the Client/Server

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Unify the Certificates including Minio

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Unify the Certificates including Minio

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* fhir-server-test relies on certificates in p12 files expire in April 2021 #1276

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* fhir-server-test relies on certificates in p12 files expire in April 2021 #1276

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Update to include subject alternate names

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Update to include subject alternate names

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* update for notification ci and per review comments

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Fix: pom.xml

Signed-off-by: Paul Bastide <pbastide@us.ibm.com>

* Issue #1530 - fhir-term refactoring (#1975)

Signed-off-by: John T.E. Timm <johntimm@us.ibm.com>

Co-authored-by: Paul Bastide <pbastide@us.ibm.com>
JohnTimm added a commit that referenced this issue Feb 22, 2021
Signed-off-by: John T.E. Timm <johntimm@us.ibm.com>
JohnTimm added a commit that referenced this issue Feb 22, 2021
Signed-off-by: John T.E. Timm <johntimm@us.ibm.com>