From bb52b33101f80cdcaa2c02ba4ac84cb6f4c99f61 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 21 Apr 2026 10:15:07 +0000
Subject: [PATCH 1/3] fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967727
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967769
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967804
---
 pom.xml | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3bb488e112..708e490708 100644
--- a/pom.xml
+++ b/pom.xml
@@ -517,7 +517,7 @@
 			<dependency>
 				<groupId>org.apache.logging.log4j</groupId>
 				<artifactId>log4j-core</artifactId>
-				<version>2.19.0</version>
+				<version>2.25.4</version>
 			</dependency>
 
 			<!-- Spring -->
@@ -916,7 +916,7 @@
 	</reporting>
 
 	<properties>
-		<inge.aa.client.class />
+		<inge.aa.client.class/>
 		<inge.aa.client.finish.class>de.mpg.mpdl.inge.aa.web.client.IngeAaClientFinish</inge.aa.client.finish.class>
 		<inge.aa.client.logout.class>de.mpg.mpdl.inge.aa.web.client.IngeAaLogoutClient</inge.aa.client.logout.class>
 		<inge.aa.client.start.class>de.mpg.mpdl.inge.aa.web.client.IngeAaClientStart</inge.aa.client.start.class>
@@ -924,8 +924,8 @@
 		<inge.aa.instance.url>http://localhost:8080/auth/</inge.aa.instance.url>
 		<inge.aa.private.key.file>private.key</inge.aa.private.key.file>
 		<inge.aa.public.key.file>public.key</inge.aa.public.key.file>
-		<inge.auth.mpg.ip.csv.url />
-		<inge.auth.mpg.ip.json.url />
+		<inge.auth.mpg.ip.csv.url/>
+		<inge.auth.mpg.ip.json.url/>
 		<inge.auth.mpg.ip.use>true</inge.auth.mpg.ip.use>
 		<inge.cone.cache.use>true</inge.cone.cache.use>
 		<inge.cone.database.driver.class>org.postgresql.Driver</inge.cone.database.driver.class>
@@ -958,11 +958,11 @@
 		<inge.database.driver.class>org.postgresql.Driver</inge.database.driver.class>
 		<inge.doi.service.create.url>/doxi/rest/doi</inge.doi.service.create.url>
 		<inge.doi.service.use>true</inge.doi.service.use>
-		<inge.es.password />
+		<inge.es.password/>
 		<inge.es.rest.host-port>http://localhost:9200</inge.es.rest.host-port>
-		<inge.es.rest.path-prefix />
-		<inge.es.user />
-		<inge.es.rest.path-prefix />
+		<inge.es.rest.path-prefix/>
+		<inge.es.user/>
+		<inge.es.rest.path-prefix/>
 		<inge.filestorage.filesystem_path>/standalone/data/inge_files/</inge.filestorage.filesystem_path>
 		<inge.filestorage.oai.filesystem_path>/standalone/data/inge_oai_files/</inge.filestorage.oai.filesystem_path>
 		<inge.filestorage.seaweed_direct_submit_path>/submit</inge.filestorage.seaweed_direct_submit_path>
@@ -995,8 +995,8 @@
 		<inge.pubman.instance.context.path>/pubman</inge.pubman.instance.context.path>
 		<inge.pubman.item.pattern>/item/$1</inge.pubman.item.pattern>
 		<inge.pubman.presentation.url>/pubman/resources/cssFramework/main.css</inge.pubman.presentation.url>
-		<inge.pubman.root.organization.name />
-		<inge.pubman.root.organization.id />
+		<inge.pubman.root.organization.name/>
+		<inge.pubman.root.organization.id/>
 		<inge.pubman.sitemap.max.items>50000</inge.pubman.sitemap.max.items>
 		<inge.pubman.sitemap.retrieve.items>1000</inge.pubman.sitemap.retrieve.items>
 		<inge.pubman.stylesheet.url>/pubman/resources/cssFramework/themes/skin_MPG/styles/theme.css</inge.pubman.stylesheet.url>
@@ -1048,7 +1048,7 @@
 		<inge.transformation.wos.stylesheet.filename>transformations/otherFormats/xslt/wosxml2escidoc.xsl</inge.transformation.wos.stylesheet.filename>
 		<inge.transformation.zfn.configuration.filename>transformations/standardFormats/conf/zfn.properties</inge.transformation.zfn.configuration.filename>
 		<inge.transformation.zfn.stylesheet.filename>transformations/standardFormats/xslt/zfn_tei2escidoc-publication-item.xsl</inge.transformation.zfn.stylesheet.filename>
-		<inge.rest.access-control-allowed-origins />
+		<inge.rest.access-control-allowed-origins/>
 		<jdk.version>21</jdk.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<xsd.core.properties>http://escidoc.de/core/01/properties/</xsd.core.properties>
@@ -1142,7 +1142,7 @@
 				<inge.pid.service.url>https://test.doi.mpdl.mpg.de</inge.pid.service.url>
 				<inge.pubman.instance.url>https://dev.inge.mpdl.mpg.de</inge.pubman.instance.url>
 				<inge.rest.development.enabled>false</inge.rest.development.enabled>
-				<inge.rest.development.file_url />
+				<inge.rest.development.file_url/>
 				<inge.rest.service.url>https://dev.inge.mpdl.mpg.de/rest</inge.rest.service.url>
 				<jboss.deploy.port>8889</jboss.deploy.port>
 				<jboss.host>vm44.mpdl.mpg.de</jboss.host>
@@ -1279,7 +1279,7 @@
 												</goals>
 											</pluginExecutionFilter>
 											<action>
-												<ignore />
+												<ignore/>
 											</action>
 										</pluginExecution>
 
@@ -1299,7 +1299,7 @@
 												</goals>
 											</pluginExecutionFilter>
 											<action>
-												<ignore />
+												<ignore/>
 											</action>
 										</pluginExecution>
 									</pluginExecutions>

From 8745156dede14001df99031c40ede86c8f2055f1 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 21 Apr 2026 10:15:15 +0000
Subject: [PATCH 2/3] fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967727
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967769
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967804

From 8cb1438c5e782f01f80157a848b8fd1bcce0743f Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 21 Apr 2026 10:15:33 +0000
Subject: [PATCH 3/3] fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967727
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967769
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-15967804