From f40d750c006656fcfb332de8808cf63b17974ef8 Mon Sep 17 00:00:00 2001 From: Martin Stockhammer Date: Sun, 29 Aug 2021 21:07:38 +0200 Subject: [PATCH] Dependency changes and vulnerability check --- .../META-INF/owasp/cve-suppressions.xml | 19 ++ .../metadata-store-cassandra/pom.xml | 173 +----------------- .../repository/jcr/OakRepositoryFactory.java | 3 +- .../oak-jcr/oak-jcr-lucene/pom.xml | 9 + pom.xml | 6 +- 5 files changed, 37 insertions(+), 173 deletions(-) diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml index 2a3f08f77..c18030118 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml @@ -73,4 +73,23 @@ cpe:/a:jquery_file_upload_project:jquery_file_upload + + + ^pkg:maven/org\.jdom/jdom2@.*$ + cpe:/a:jdom:jdom + CVE-2021-33813 + + + + + ^pkg:maven/com\.datastax\.oss/native\-protocol@.*$ + cpe:/a:apache:cassandra + CVE-2020-13946 + diff --git a/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml b/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml index 5ac5c6c3b..58bb31b62 100644 --- a/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml +++ b/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml @@ -31,7 +31,7 @@ ${project.parent.parent.basedir} - 4.0.0 + 3.11.10 4.13.0 @@ -103,85 +103,6 @@ modelmapper - - - org.apache.cassandra - cassandra-all - ${cassandraVersion} - test - - - log4j - log4j - - - org.slf4j - slf4j-log4j12 - - - org.slf4j - jcl-over-slf4j - - - ch.qos.logback - logback-core - - - org.mortbay.jetty - jetty - - - javax.servlet - servlet-api - - - org.slf4j - log4j-over-slf4j - - - ch.qos.logback - logback-classic - - - org.jboss.logging - jboss-logging - - - javax.inject - javax.inject - - - javax.validation - validation-api - - - com.fasterxml.jackson.core - jackson-core - - - - com.addthis.metrics - reporter-config3 - - - net.openhft - chronicle-wire - - - - - net.openhft - chronicle-wire - 2.21.89 - test - - com.datastax.oss java-driver-core @@ -198,93 +119,6 @@ ${datastax.driver.version} - - - - - - - - - @@ -352,6 +186,7 @@ true + org.codehaus.mojo @@ -432,7 +267,7 @@ num_tokens: 1 org.apache.cassandra cassandra-all - 3.11.10 + ${cassandraVersion} @@ -479,7 +314,6 @@ num_tokens: 1 org.apache.maven.plugins maven-surefire-plugin - true @@ -492,6 +326,7 @@ num_tokens: 1 src/cassandra/** + src/test/resources/cassandra-test.yaml diff --git a/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java b/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java index a8cb1a700..84fa5149c 100644 --- a/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java +++ b/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java @@ -131,6 +131,7 @@ public class OakRepositoryFactory int cacheSizeInMB = 20; int cacheExpiryInSecs = 300; int threadPoolSize = 5; + long queueTimeOutMs = 60000; private StatisticsProvider statisticsProvider; @@ -281,7 +282,7 @@ public class OakRepositoryFactory log.info("Hybrid indexing feature disabled"); return; } - documentQueue = new DocumentQueue( queueSize, tracker, getExecutorService(), statisticsProvider); + documentQueue = new DocumentQueue( queueSize, queueTimeOutMs, tracker, getExecutorService(), statisticsProvider); LocalIndexObserver localIndexObserver = new LocalIndexObserver(documentQueue, statisticsProvider); int observerQueueSize = 1000; diff --git a/archiva-modules/metadata/metadata-store-provider/oak-jcr/oak-jcr-lucene/pom.xml b/archiva-modules/metadata/metadata-store-provider/oak-jcr/oak-jcr-lucene/pom.xml index 067be3eda..06f38aa5a 100644 --- a/archiva-modules/metadata/metadata-store-provider/oak-jcr/oak-jcr-lucene/pom.xml +++ b/archiva-modules/metadata/metadata-store-provider/oak-jcr/oak-jcr-lucene/pom.xml @@ -81,6 +81,10 @@ org.apache.lucene lucene-suggest + + org.apache.tika + tika-core + @@ -113,6 +117,11 @@ org.apache.jackrabbit oak-search + + org.apache.tika + tika-core + 1.27 + diff --git a/pom.xml b/pom.xml index 3acfee383..403cc372b 100644 --- a/pom.xml +++ b/pom.xml @@ -64,8 +64,8 @@ - 1.12.1 - 1.13.1 + 1.14.2 + 1.16.0 9.1.3 4.10.4 @@ -74,7 +74,7 @@ 2.0 - 1.30.0 + 1.40.0 4.1.50.Final -- 2.39.5