Skip to content

Commit

Permalink
[GovWayCore]
Browse files Browse the repository at this point in the history 
Sono state risolte le seguenti vulnerabilità relative ai jar di terza parte:
- CVE-2024-22257: aggiornata libreria 'org.springframework.security:*' alla versione 5.8.11
- CVE-2024-28752: aggiornata libreria 'org.apache.cxf:*' alla versione 3.6.3
                  aggiornata libreria 'org.ow2.asm:asm' alla versione 9.6
                  aggiornata libreria 'org.codehaus.woodstox:stax2-api' alla versione 4.2.2
                  aggiornata libreria 'com.fasterxml.woodstox:woodstox-core' alla versione 6.6.0
                  aggiornata libreria 'org.apache.ws.xmlschema:xmlschema-core' alla versione 2.3.1
                  aggiornata libreria 'org.springframework:*' alla versione 5.3.3
  • Loading branch information
@andreapoli
andreapoli committed Mar 21, 2024
1 parent 22364b7 commit 6f6a5b4
Show file tree
Hide file tree
Showing 77 changed files with 2,215 additions and 2,136 deletions.
12 changes: 12 additions & 0 deletions ChangeLog
View file
@@ -1,3 +1,15 @@
2024-03-21 Andrea Poli <apoli@link.it>

* [GovWayCore]
Sono state risolte le seguenti vulnerabilità relative ai jar di terza parte:
- CVE-2024-22257: aggiornata libreria 'org.springframework.security:*' alla versione 5.8.11
- CVE-2024-28752: aggiornata libreria 'org.apache.cxf:*' alla versione 3.6.3
aggiornata libreria 'org.ow2.asm:asm' alla versione 9.6
aggiornata libreria 'org.codehaus.woodstox:stax2-api' alla versione 4.2.2
aggiornata libreria 'com.fasterxml.woodstox:woodstox-core' alla versione 6.6.0
aggiornata libreria 'org.apache.ws.xmlschema:xmlschema-core' alla versione 2.3.1
aggiornata libreria 'org.springframework:*' alla versione 5.3.3

2024-03-21 Andrea Poli <apoli@link.it>

* [GovWayCore]
Expand Down
30 changes: 15 additions & 15 deletions core/ant/openspcoop2-ear.xml
View file
Expand Up @@ -28,9 +28,9 @@
<var name="tmp" value="${tmp} ${tmp_prefix}/commons-io-2.11.0.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/commons-lang-2.6.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/commons-net-3.9.0.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/cxf-core-3.6.1-gov4j-1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/cxf-rt-bindings-soap-3.6.1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/cxf-rt-ws-security-3.6.1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/cxf-core-3.6.3-gov4j-1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/cxf-rt-bindings-soap-3.6.3.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/cxf-rt-ws-security-3.6.3.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/jaxb-api-2.3.1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/jaxb-core-2.3.0.1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/jaxb-impl-2.3.7.jar"/>
Expand Down Expand Up @@ -61,20 +61,20 @@
<var name="tmp" value="${tmp} ${tmp_prefix}/saaj-impl-1.5.3-gov4j-1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/stax-ex-1.8.3.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/mimepull-1.9.14.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-aop-5.3.32.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-aspects-5.3.32.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-beans-5.3.32.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-context-5.3.32.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-context-support-5.3.32.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-core-5.3.32.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-expression-5.3.32.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-tx-5.3.32.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-web-5.3.32.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-security-core-5.8.7.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-aop-5.3.33.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-aspects-5.3.33.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-beans-5.3.33.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-context-5.3.33.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-context-support-5.3.33.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-core-5.3.33.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-expression-5.3.33.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-tx-5.3.33.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-web-5.3.33.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/spring-security-core-5.8.11.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/uddi4j-2.0.5.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/xalan-2.7.3.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/xml-resolver-1.2.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/xmlschema-core-2.3.0.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/xmlschema-core-2.3.1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/xmlsec-2.3.4-gov4j-1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/cryptacular-1.2.5.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/jasypt-1.9.3.jar"/>
Expand All @@ -86,7 +86,7 @@
<var name="tmp" value="${tmp} ${tmp_prefix}/wss4j-ws-security-dom-2.4.1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/wss4j-ws-security-policy-stax-2.4.1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/wss4j-ws-security-stax-2.4.1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/woodstox-core-6.5.1.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/woodstox-core-6.6.0.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/joda-time-2.12.0.jar"/>
<var name="tmp" value="${tmp} ${tmp_prefix}/guava-32.1.1-jre.jar"/>
<var name="manifest.classpath.3parti" value="${tmp}" />
Expand Down
2 changes: 1 addition & 1 deletion example/pdd/server/testService/build.xml
View file
Expand Up @@ -201,7 +201,7 @@
<lib dir="${libs}/cxf">
<include name="cxf-core-*.jar" />
<include name="cxf-rt-*.jar" />
<exclude name="cxf-rt-transports-http-3.6.1.jar" /> <!-- warning su wildfly al deploy -->
<exclude name="cxf-rt-transports-http-3.6.3.jar" /> <!-- warning su wildfly al deploy -->
<include name="jakarta.ws.rs-api-2.1.6.jar" />
</lib>
<lib dir="${libs}/saaj">
Expand Down
88 changes: 44 additions & 44 deletions lib/openspcoop2.userlibraries
View file
Expand Up @@ -26,36 +26,36 @@
<archive path="/op2_3.3.dev/lib/commons/commons-compress-1.26.0.jar"/>
<archive path="/op2_3.3.dev/lib/commons/commons-math3-3.6.1.jar"/>
<!-- cxf -->
<archive path="/op2_3.3.dev/lib/cxf/cxf-core-3.6.1-gov4j-1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-bindings-soap-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-databinding-jaxb-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-features-logging-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-frontend-simple-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-frontend-jaxws-3.6.1.jar" />
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-frontend-jaxrs-3.6.1.jar" />
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-security-3.6.1.jar" />
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-security-saml-3.6.1.jar" />
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-transports-http-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-transports-http-jetty-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-json-basic-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-security-jose-3.6.1-gov4j-1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-security-jose-jaxrs-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-service-description-common-openapi-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-service-description-openapi-v3-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-service-description-swagger-ui-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-wsdl-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-ws-policy-3.6.1.jar" />
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-ws-security-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-tools-common-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-tools-validator-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-tools-wsdlto-core-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-tools-wsdlto-databinding-jaxb-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-tools-wsdlto-frontend-jaxws-3.6.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/asm-9.5.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-core-3.6.3-gov4j-1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-bindings-soap-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-databinding-jaxb-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-features-logging-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-frontend-simple-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-frontend-jaxws-3.6.3.jar" />
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-frontend-jaxrs-3.6.3.jar" />
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-security-3.6.3.jar" />
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-security-saml-3.6.3.jar" />
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-transports-http-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-transports-http-jetty-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-json-basic-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-security-jose-3.6.3-gov4j-1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-security-jose-jaxrs-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-service-description-common-openapi-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-service-description-openapi-v3-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-rs-service-description-swagger-ui-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-wsdl-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-ws-policy-3.6.3.jar" />
<archive path="/op2_3.3.dev/lib/cxf/cxf-rt-ws-security-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-tools-common-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-tools-validator-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-tools-wsdlto-core-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-tools-wsdlto-databinding-jaxb-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/cxf-tools-wsdlto-frontend-jaxws-3.6.3.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/asm-9.6.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/jakarta.ws.rs-api-2.1.6.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/stax2-api-4.2.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/woodstox-core-6.5.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/xmlschema-core-2.3.0.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/stax2-api-4.2.2.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/woodstox-core-6.6.0.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/xmlschema-core-2.3.1.jar"/>
<archive path="/op2_3.3.dev/lib/cxf/xml-resolver-1.2.jar"/>
<!-- httpcore -->
<archive path="/op2_3.3.dev/lib/httpcore/httpmime-4.5.13.jar"/>
Expand Down Expand Up @@ -248,21 +248,21 @@
<archive path="/op2_3.3.dev/lib/soapbox/ultraesb-api-1.7.1.jar"/>
<archive path="/op2_3.3.dev/lib/soapbox/metro-webservices_xwss_com_sun_xml-2.2.jar"/>
<!-- spring -->
<archive path="/op2_3.3.dev/lib/spring/spring-web-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-tx-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-expression-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-core-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-context-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-context-support-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-beans-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-aop-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-aspects-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-orm-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-web-5.3.33.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-tx-5.3.33.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-expression-5.3.33.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-core-5.3.33.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-context-5.3.33.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-context-support-5.3.33.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-beans-5.3.33.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-aop-5.3.33.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-aspects-5.3.33.jar"/>
<archive path="/op2_3.3.dev/lib/spring/spring-orm-5.3.33.jar"/>
<!-- spring-security -->
<archive path="/op2_3.3.dev/lib/spring-security/spring-security-core-5.8.7.jar"/>
<archive path="/op2_3.3.dev/lib/spring-security/spring-security-web-5.8.7.jar"/>
<archive path="/op2_3.3.dev/lib/spring-security/spring-security-crypto-5.8.7.jar"/>
<archive path="/op2_3.3.dev/lib/spring-security/spring-security-config-5.8.7.jar"/>
<archive path="/op2_3.3.dev/lib/spring-security/spring-security-core-5.8.11.jar"/>
<archive path="/op2_3.3.dev/lib/spring-security/spring-security-web-5.8.11.jar"/>
<archive path="/op2_3.3.dev/lib/spring-security/spring-security-crypto-5.8.11.jar"/>
<archive path="/op2_3.3.dev/lib/spring-security/spring-security-config-5.8.11.jar"/>
<!-- swagger -->
<archive path="/op2_3.3.dev/lib/swagger/swagger-annotations-2.2.4.jar"/>
<archive path="/op2_3.3.dev/lib/swagger/swagger-core-2.2.4.jar"/>
Expand All @@ -288,7 +288,7 @@
<archive path="/op2_3.3.dev/lib/testsuite/karate-junit4-0.9.6.jar"/>
<archive path="/op2_3.3.dev/lib/testsuite/hamcrest-core-1.3.jar"/>
<archive path="/op2_3.3.dev/lib/testsuite/picocli-4.2.0.jar"/>
<archive path="/op2_3.3.dev/lib/testsuite/spring-jdbc-5.3.32.jar"/>
<archive path="/op2_3.3.dev/lib/testsuite/spring-jdbc-5.3.33.jar"/>
<!-- wadl -->
<archive path="/op2_3.3.dev/lib/wadl/wadl-core-1.1.6.jar"/>
<archive path="/op2_3.3.dev/lib/wadl/wadl-xslt-1.1.6.jar"/>
Expand Down
12 changes: 6 additions & 6 deletions mvn/dependencies/cxf/pom.xml
View file
Expand Up @@ -17,14 +17,14 @@

<jar.group.name>cxf</jar.group.name>

<asm.version>9.5</asm.version>
<cxf.version>3.6.1</cxf.version>
<cxf.gov4j.version>3.6.1-gov4j-1</cxf.gov4j.version>
<asm.version>9.6</asm.version>
<cxf.version>3.6.3</cxf.version>
<cxf.gov4j.version>3.6.3-gov4j-1</cxf.gov4j.version>
<javax.ws.rs.api.cxf.version>2.1.6</javax.ws.rs.api.cxf.version>
<stax2.api.version>4.2.1</stax2.api.version>
<woodstock.core.version>6.5.1</woodstock.core.version>
<stax2.api.version>4.2.2</stax2.api.version>
<woodstock.core.version>6.6.0</woodstock.core.version>
<xml.resolver.version>1.2</xml.resolver.version>
<xmlschema.core.version>2.3.0</xmlschema.core.version>
<xmlschema.core.version>2.3.1</xmlschema.core.version>

</properties>

Expand Down
2 changes: 1 addition & 1 deletion mvn/dependencies/owasp/falsePositives/CVE-2021-37533.xml
View file
Expand Up @@ -235,7 +235,7 @@
</suppress>
<suppress>
<notes><![CDATA[
file name: xmlschema-core-2.3.0.jar
file name: xmlschema-core-2.3.1.jar
La vulnerabilità 'CVE-2021-37533' è relativa alla dipendenza transitiva 'commons-net'.
In GovWay non viene utilizzata la versione definita nella dipendenza transitiva, ma bensì la versione commons-net-3.9.0.jar che non presenta la vulnerabilità.
]]></notes>
Expand Down
2 changes: 1 addition & 1 deletion mvn/dependencies/owasp/falsePositives/CVE-2022-40705.xml
View file
@@ -1,7 +1,7 @@
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: cxf-rt-bindings-soap-3.6.1.jar
file name: cxf-rt-bindings-soap-3.6.3.jar
La vulnerabilità 'CVE-2022-40705' è relativa alla libreria 'soap:soap' e non a CXF.
Evidenze disponibili in:
- https://nvd.nist.gov/vuln/detail/CVE-2022-40705 (This issue affects Apache SOAP version 2.2 and later versions)
Expand Down
2 changes: 1 addition & 1 deletion mvn/dependencies/owasp/falsePositives/spring-security-crypto.xml
View file
@@ -1,7 +1,7 @@
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: spring-security-crypto-5.8.7.jar
file name: spring-security-crypto-5.8.11.jar
La vulnerabilità indicata viene descritta come:
"Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack."
La versione utilizzata è superiore alla '5.3.2' quindi sembrerebbe un falso positivo.
Expand Down
2 changes: 1 addition & 1 deletion mvn/dependencies/owasp/falsePositives/spring-web.xml
View file
@@ -1,7 +1,7 @@
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: spring-web-5.3.32.jar
file name: spring-web-5.3.33.jar
La vulnerabilità indicata viene descritta come:
"Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data."
La versione utilizzata è superiore alla '5.3.16' quindi sembrerebbe un falso positivo.
Expand Down
2 changes: 1 addition & 1 deletion mvn/dependencies/pom.xml
View file
Expand Up @@ -21,7 +21,7 @@
<owasp.output.dir>../../dependency-check-result</owasp.output.dir>

<!-- Versioni condivise dai moduli -->
<module.spring.version>5.3.32</module.spring.version>
<module.spring.version>5.3.33</module.spring.version>
</properties>

<modules>
Expand Down
2 changes: 1 addition & 1 deletion mvn/dependencies/spring-security/pom.xml
View file
Expand Up @@ -17,7 +17,7 @@

<jar.group.name>spring-security</jar.group.name>

<spring-security.version>5.8.7</spring-security.version>
<spring-security.version>5.8.11</spring-security.version>

</properties>

Expand Down
2 changes: 1 addition & 1 deletion protocolli/modipa/testsuite/build.xml
View file
Expand Up @@ -45,7 +45,7 @@
<include name="joda-time-2.12.0.jar"/>
</fileset>
<fileset dir="${required_lib}/cxf" >
<include name="asm-9.5.jar"/>
<include name="asm-9.6.jar"/>
</fileset>
<fileset dir="${openspcoop2.dist}" >
<include name="*.jar"/>
Expand Down
28 changes: 14 additions & 14 deletions protocolli/spcoop/example/registroServizi/wsdl/build.xml
View file
Expand Up @@ -58,20 +58,20 @@
<fileset dir="${required_lib}/log" includes="*.jar"/>
<fileset dir="${required_lib}/shared" includes="wsdl4j-1.6.3.jar"/>
<fileset dir="${required_lib}/shared" includes="velocity-engine-core-2.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-tools-validator-3.6.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-tools-wsdlto-core-3.6.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-tools-wsdlto-frontend-jaxws-3.6.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-tools-wsdlto-databinding-jaxb-3.6.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-tools-common-3.6.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-core-3.6.1-gov4j-1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-rt-wsdl-3.6.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-rt-frontend-jaxws-3.6.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-rt-frontend-simple-3.6.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-rt-databinding-jaxb-3.6.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-rt-bindings-soap-3.6.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="stax2-api-4.2.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="woodstox-core-6.5.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="xmlschema-core-2.3.0.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-tools-validator-3.6.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-tools-wsdlto-core-3.6.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-tools-wsdlto-frontend-jaxws-3.6.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-tools-wsdlto-databinding-jaxb-3.6.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-tools-common-3.6.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-core-3.6.3-gov4j-1.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-rt-wsdl-3.6.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-rt-frontend-jaxws-3.6.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-rt-frontend-simple-3.6.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-rt-databinding-jaxb-3.6.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="cxf-rt-bindings-soap-3.6.3.jar"/>
<fileset dir="${required_lib}/cxf" includes="stax2-api-4.2.2.jar"/>
<fileset dir="${required_lib}/cxf" includes="woodstox-core-6.6.0.jar"/>
<fileset dir="${required_lib}/cxf" includes="xmlschema-core-2.3.1.jar"/>
<fileset dir="${required_lib}/cxf" includes="xml-resolver-1.2.jar"/>
<fileset dir="${required_lib}/cxf" includes="jakarta.ws.rs-api-2.1.6.jar"/>
<fileset dir="${required_lib}/javax" includes="javax.servlet-api-4.0.1.jar"/>
Expand Down

0 comments on commit 6f6a5b4

Please sign in to comment.