From 14157a834fb039a7d7d931ec9d0a7b8e037ff70a Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 25 Jul 2025 12:47:04 +0530 Subject: [PATCH 1/2] Multiple security fixes --- build.gradle | 4 ++-- httpClient/build.gradle | 2 +- .../artifactory/client/httpClient/http/HttpBuilderBase.java | 2 +- services/build.gradle | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/build.gradle b/build.gradle index b800c09b..61a37026 100644 --- a/build.gradle +++ b/build.gradle @@ -63,11 +63,11 @@ subprojects { exclude group: 'commons-codec', module: 'commons-codec' } implementation 'commons-codec:commons-codec:1.13' - implementation 'org.apache.commons:commons-lang3:3.12.0' + implementation 'org.apache.commons:commons-lang3:3.18.0' implementation 'com.fasterxml.jackson.core:jackson-core:2.19.1' implementation 'com.fasterxml.jackson.core:jackson-databind:2.19.1' implementation 'com.fasterxml.jackson.core:jackson-annotations:2.19.1' - api 'org.jfrog.filespecs:file-specs-java:1.1.1' + api 'org.jfrog.filespecs:file-specs-java:1.1.2' } task sourcesJar(type: Jar, dependsOn: classes) { diff --git a/httpClient/build.gradle b/httpClient/build.gradle index 8c8dd627..7e4deeec 100644 --- a/httpClient/build.gradle +++ b/httpClient/build.gradle @@ -8,5 +8,5 @@ repositories { dependencies { testImplementation group: 'org.testng', name: 'testng', version: '7.5.1' - testImplementation group: 'com.github.tomakehurst', name: 'wiremock-jre8', version: '2.35.1' + testImplementation group: 'com.github.tomakehurst', name: 'wiremock-jre8', version: '3.0.1' } \ No newline at end of file diff --git a/httpClient/src/main/java/org/jfrog/artifactory/client/httpClient/http/HttpBuilderBase.java b/httpClient/src/main/java/org/jfrog/artifactory/client/httpClient/http/HttpBuilderBase.java index 349eb872..5be76fde 100644 --- a/httpClient/src/main/java/org/jfrog/artifactory/client/httpClient/http/HttpBuilderBase.java +++ b/httpClient/src/main/java/org/jfrog/artifactory/client/httpClient/http/HttpBuilderBase.java @@ -399,7 +399,7 @@ private SSLContext buildSslContext() { sslContext = sslBuilder.build(); } } catch (Exception e) { - e.printStackTrace(); + throw new RuntimeException("Error building SSLContext: " + e.getMessage(), e); } return sslContext != null ? sslContext : SSLContexts.createDefault(); } diff --git a/services/build.gradle b/services/build.gradle index 85d5b40f..d0ac6486 100644 --- a/services/build.gradle +++ b/services/build.gradle @@ -15,7 +15,7 @@ dependencies { * https://github.com/jfrog/artifactory-client-java/issues/43 * https://github.com/jfrog/artifactory-client-java/issues/232 */ - testRuntimeOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.9' + testRuntimeOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.3.15' } task createReleasePropertiesFile(type: Exec) { From a6b11172011743332aafb2321a17aec653c04bc1 Mon Sep 17 00:00:00 2001 From: Bhanu Reddy Date: Fri, 25 Jul 2025 16:14:27 +0530 Subject: [PATCH 2/2] Revert the version which is not available for java8 --- httpClient/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/httpClient/build.gradle b/httpClient/build.gradle index 7e4deeec..de6d80c6 100644 --- a/httpClient/build.gradle +++ b/httpClient/build.gradle @@ -8,5 +8,5 @@ repositories { dependencies { testImplementation group: 'org.testng', name: 'testng', version: '7.5.1' - testImplementation group: 'com.github.tomakehurst', name: 'wiremock-jre8', version: '3.0.1' + testImplementation group: 'com.github.tomakehurst', name: 'wiremock-jre8', version: '2.35.0' } \ No newline at end of file