Fix for CVE-2976 + add CVE checker (opensearch-project#624)

* Fix for CVE-2976 + add CVE checker Signed-off-by: Omar Khasawneh <okhasawn@amazon.com> * Updated Changelog Signed-off-by: Omar Khasawneh <okhasawn@amazon.com> --------- Signed-off-by: Omar Khasawneh <okhasawn@amazon.com> (cherry picked from commit d09bb4e)
reta · Sep 15, 2023 · c0c39d2 · c0c39d2
1 parent ed66cf6
commit c0c39d2
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,6 +21,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Fix PutMappingRequest by removing unsupported fields ([#597](https://github.com/opensearch-project/opensearch-java/pull/597))
 - [BUG] JarHell caused by latest software.amazon.awssdk 2.20.141 ([#616](https://github.com/opensearch-project/opensearch-java/pull/616))
 - Don't over-allocate in HeapBufferedAsyncEntityConsumer in order to consume the response ([#620](https://github.com/opensearch-project/opensearch-java/pull/620))
+- Fixed CVE-2976 + added CVE checker ([#624](https://github.com/opensearch-project/opensearch-java/pull/624))
 
 ### Security
 

diff --git a/java-client/build.gradle.kts b/java-client/build.gradle.kts
@@ -49,16 +49,19 @@ plugins {
     checkstyle
     `maven-publish`
     id("com.github.jk1.dependency-license-report") version "2.5"
+    id("org.owasp.dependencycheck") version "8.4.0"
 }
 
+apply(plugin = "org.owasp.dependencycheck")
+
 configurations {
     all {
         exclude(group = "software.amazon.awssdk", module = "third-party-jackson-core")
     }
 }
 
 checkstyle {
-    toolVersion = "10.0"
+    toolVersion = "10.12.3"
 }
 
 java {