From c0e836dc8ec1b47de01ba2ae955715e76a48feaa Mon Sep 17 00:00:00 2001 From: Florian Zschocke Date: Fri, 8 Nov 2019 14:55:07 +0100 Subject: Update MINA to version 2.0.21. This includes a fix in MINA to a CVE. --- .classpath | 2 +- build.moxie | 2 +- gitblit.iml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.classpath b/.classpath index 86ac165c..46210ac3 100644 --- a/.classpath +++ b/.classpath @@ -55,7 +55,7 @@ - + diff --git a/build.moxie b/build.moxie index b8dc3efc..85e2f492 100644 --- a/build.moxie +++ b/build.moxie @@ -113,7 +113,7 @@ properties: { selenium.version : 2.28.0 wikitext.version : 1.4 sshd.version: 1.0.0 - mina.version: 2.0.9 + mina.version: 2.0.21 guice.version : 4.0 # Gitblit maintains a fork of guice-servlet guice-servlet.version : 4.0-gb2 diff --git a/gitblit.iml b/gitblit.iml index b82a27b1..f935fc17 100644 --- a/gitblit.iml +++ b/gitblit.iml @@ -552,13 +552,13 @@ - + - + - + -- cgit v1.2.3 From abb041d2035e36c23191cf3c71640839e7708f8d Mon Sep 17 00:00:00 2001 From: Florian Zschocke Date: Fri, 8 Nov 2019 17:26:06 +0100 Subject: Update SSHD dependency to version 1.1.0. --- .classpath | 2 +- build.moxie | 2 +- gitblit.iml | 6 +++--- src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java | 2 +- src/main/java/com/gitblit/transport/ssh/SshDaemon.java | 4 ++-- .../com/gitblit/transport/ssh/SshServerSessionFactory.java | 10 ++++++---- src/test/java/com/gitblit/tests/SshDaemonTest.java | 5 +++-- src/test/java/com/gitblit/tests/SshUnitTest.java | 12 ++++++++---- 8 files changed, 25 insertions(+), 18 deletions(-) diff --git a/.classpath b/.classpath index 46210ac3..de9f9172 100644 --- a/.classpath +++ b/.classpath @@ -54,7 +54,7 @@ - + diff --git a/build.moxie b/build.moxie index 85e2f492..9deb2fbd 100644 --- a/build.moxie +++ b/build.moxie 
@@ -112,7 +112,7 @@ properties: { bouncycastle.version : 1.57 selenium.version : 2.28.0 wikitext.version : 1.4 - sshd.version: 1.0.0 + sshd.version: 1.1.0 mina.version: 2.0.21 guice.version : 4.0 # Gitblit maintains a fork of guice-servlet diff --git a/gitblit.iml b/gitblit.iml index f935fc17..07dc10a9 100644 --- a/gitblit.iml +++ b/gitblit.iml @@ -541,13 +541,13 @@ - + - + - + diff --git a/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java b/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java index c62c4dee..45b692db 100644 --- a/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java +++ b/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java @@ -212,7 +212,7 @@ public class LdapKeyManager extends IPublicKeyManager { List keyList = new ArrayList<>(authorizedKeys.size()); for (GbAuthorizedKeyEntry keyEntry : authorizedKeys) { try { - SshKey key = new SshKey(keyEntry.resolvePublicKey()); + SshKey key = new SshKey(keyEntry.resolvePublicKey(null)); key.setComment(keyEntry.getComment()); setKeyPermissions(key, keyEntry); keyList.add(key); diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java index 5a053781..63fa51dd 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java @@ -31,7 +31,7 @@ import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; import org.apache.sshd.common.util.SecurityUtils; import org.apache.sshd.server.SshServer; -import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator; +import org.apache.sshd.server.auth.pubkey.CachingPublicKeyAuthenticator; import org.bouncycastle.openssl.PEMWriter; import org.eclipse.jgit.internal.JGitText; import org.slf4j.Logger; 
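Review bot: The bare `null` passed to `keyEntry.resolvePublicKey(null)` in LdapKeyManager gives no hint of what the argument stands for, or of what happens to an LDAP-supplied key whose type SSHD cannot decode. I would add a comment on that line, e.g. `// no fallback resolver: only key types SSHD decodes natively are accepted`, after confirming in the SSHD 1.1.0 documentation how a null resolver is treated (exception or null return). If it can return null, `new SshKey(...)` would receive a null key inside the `try`. The `catch` clause and the rest of the loop are outside the hunk, so whether that case is handled cannot be seen here.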
@@ -158,7 +158,7 @@ public class SshDaemon { log.info("SSH: adding GSSAPI authentication method."); } - sshd.setSessionFactory(new SshServerSessionFactory()); + sshd.setSessionFactory(new SshServerSessionFactory(sshd)); sshd.setFileSystemFactory(new DisabledFilesystemFactory()); sshd.setTcpipForwardingFilter(new NonForwardingFilter()); sshd.setCommandFactory(new SshCommandFactory(gitblit, workQueue)); diff --git a/src/main/java/com/gitblit/transport/ssh/SshServerSessionFactory.java b/src/main/java/com/gitblit/transport/ssh/SshServerSessionFactory.java index bc67cec0..fb85781a 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshServerSessionFactory.java +++ b/src/main/java/com/gitblit/transport/ssh/SshServerSessionFactory.java @@ -22,7 +22,8 @@ import org.apache.sshd.common.future.CloseFuture; import org.apache.sshd.common.future.SshFutureListener; import org.apache.sshd.common.io.IoSession; import org.apache.sshd.common.io.mina.MinaSession; -import org.apache.sshd.common.session.AbstractSession; +import org.apache.sshd.server.ServerFactoryManager; +import org.apache.sshd.server.session.ServerSessionImpl; import org.apache.sshd.server.session.SessionFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -36,11 +37,12 @@ public class SshServerSessionFactory extends SessionFactory { private final Logger log = LoggerFactory.getLogger(getClass()); - public SshServerSessionFactory() { + public SshServerSessionFactory(ServerFactoryManager server) { + super(server); } @Override - protected AbstractSession createSession(final IoSession io) throws Exception { + protected ServerSessionImpl createSession(final IoSession io) throws Exception { log.info("creating ssh session from {}", io.getRemoteAddress()); if (io instanceof MinaSession) { 
@@ -66,7 +68,7 @@ public class SshServerSessionFactory extends SessionFactory { } @Override - protected AbstractSession doCreateSession(IoSession ioSession) throws Exception { + protected ServerSessionImpl doCreateSession(IoSession ioSession) throws Exception { return new SshServerSession(getServer(), ioSession); } } diff --git a/src/test/java/com/gitblit/tests/SshDaemonTest.java b/src/test/java/com/gitblit/tests/SshDaemonTest.java index c5deb7d5..c7d06198 100644 --- a/src/test/java/com/gitblit/tests/SshDaemonTest.java +++ b/src/test/java/com/gitblit/tests/SshDaemonTest.java @@ -44,9 +44,9 @@ public class SshDaemonTest extends SshUnitTest { @Test public void testPublicKeyAuthentication() throws Exception { SshClient client = getClient(); - ClientSession session = client.connect(username, "localhost", GitBlitSuite.sshPort).await().getSession(); + ClientSession session = client.connect(username, "localhost", GitBlitSuite.sshPort).verify().getSession(); session.addPublicKeyIdentity(rwKeyPair); - assertTrue(session.auth().await().isSuccess()); + assertTrue(session.auth().await()); } @Test @@ -64,6 +64,7 @@ public class SshDaemonTest extends SshUnitTest { // set clone restriction RepositoryModel model = repositories().getRepositoryModel("ticgit.git"); + assertNotNull("Could not get repository modle for ticgit.git", model); model.accessRestriction = AccessRestrictionType.CLONE; model.authorizationControl = AuthorizationControl.NAMED; repositories().updateRepositoryModel(model.name, model, false); diff --git a/src/test/java/com/gitblit/tests/SshUnitTest.java b/src/test/java/com/gitblit/tests/SshUnitTest.java index 27b4ec73..dd354d85 100644 --- a/src/test/java/com/gitblit/tests/SshUnitTest.java +++ b/src/test/java/com/gitblit/tests/SshUnitTest.java 
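Review bot: `assertTrue(session.auth().await());` in `testPublicKeyAuthentication` no longer checks that authentication succeeded. Going by the removed `.await().isSuccess()` chain and by `testSshCommand` in SshUnitTest from this same commit, `await()` now appears to report only that the wait completed. A server that rejected the key would then still pass this test, which is the one meant to guard public-key login. Keep the future and assert both results, as SshUnitTest does: `AuthFuture authFuture = session.auth();`, `assertTrue(authFuture.await());`, `assertTrue(authFuture.isSuccess());`. This needs the `org.apache.sshd.client.future.AuthFuture` import in SshDaemonTest.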
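Review bot: The assertion message added in the second SshDaemonTest hunk misspells "model" as "modle", which will show up verbatim in the failure output. Suggested line: `assertNotNull("Could not get repository model for ticgit.git", model);`. The enclosing test method starts and ends outside the hunk.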
@@ -24,11 +24,13 @@ import java.net.SocketAddress; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PublicKey; +import java.util.EnumSet; import java.util.concurrent.atomic.AtomicBoolean; -import org.apache.sshd.client.ServerKeyVerifier; import org.apache.sshd.client.SshClient; import org.apache.sshd.client.channel.ClientChannel; +import org.apache.sshd.client.future.AuthFuture; +import org.apache.sshd.client.keyverifier.ServerKeyVerifier; import org.apache.sshd.client.session.ClientSession; import org.apache.sshd.common.util.SecurityUtils; import org.junit.After; @@ -112,9 +114,11 @@ public abstract class SshUnitTest extends GitblitUnitTest { protected String testSshCommand(String cmd, String stdin) throws IOException, InterruptedException { SshClient client = getClient(); - ClientSession session = client.connect(username, "localhost", GitBlitSuite.sshPort).await().getSession(); + ClientSession session = client.connect(username, "localhost", GitBlitSuite.sshPort).verify().getSession(); session.addPublicKeyIdentity(rwKeyPair); - assertTrue(session.auth().await().isSuccess()); + AuthFuture authFuture = session.auth(); + assertTrue(authFuture.await()); + assertTrue(authFuture.isSuccess()); ClientChannel channel = session.createChannel(ClientChannel.CHANNEL_EXEC, cmd); ByteArrayOutputStream baos = new ByteArrayOutputStream(); @@ -131,7 +135,7 @@ public abstract class SshUnitTest extends GitblitUnitTest { channel.setErr(err); channel.open(); - channel.waitFor(ClientChannel.CLOSED, 0); + channel.waitFor(EnumSet.of(ClientChannel.ClientChannelEvent.CLOSED), 0); String result = out.toString().trim(); channel.close(false); -- cgit v1.2.3 From 15dda8f5c6238710626e1091d4c98fe457d55d4d Mon Sep 17 00:00:00 2001 
From: Florian Zschocke Date: Fri, 8 Nov 2019 19:19:54 +0100 Subject: Update SSHD dependency to version 1.2.0. --- .classpath | 2 +- build.moxie | 2 +- gitblit.iml | 6 +++--- .../java/com/gitblit/transport/ssh/LdapKeyManager.java | 2 +- .../com/gitblit/transport/ssh/NonForwardingFilter.java | 2 +- .../java/com/gitblit/transport/ssh/SshDaemonClient.java | 2 +- src/test/java/com/gitblit/tests/SshUnitTest.java | 16 +++++++++++++++- 7 files changed, 23 insertions(+), 9 deletions(-) diff --git a/.classpath b/.classpath index de9f9172..72a6b6c3 100644 --- a/.classpath +++ b/.classpath @@ -54,7 +54,7 @@ - + diff --git a/build.moxie b/build.moxie index 9deb2fbd..5f5aa63e 100644 --- a/build.moxie +++ b/build.moxie @@ -112,7 +112,7 @@ properties: { bouncycastle.version : 1.57 selenium.version : 2.28.0 wikitext.version : 1.4 - sshd.version: 1.1.0 + sshd.version: 1.2.0 mina.version: 2.0.21 guice.version : 4.0 # Gitblit maintains a fork of guice-servlet diff --git a/gitblit.iml b/gitblit.iml index 07dc10a9..44d79c53 100644 --- a/gitblit.iml +++ b/gitblit.iml @@ -541,13 +541,13 @@ - + - + - + diff --git a/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java b/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java index 45b692db..9b494027 100644 --- a/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java +++ b/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java @@ -26,9 +26,9 @@ import java.util.TreeMap; import java.util.regex.Matcher; import java.util.regex.Pattern; +import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.util.GenericUtils; -import org.apache.sshd.server.config.keys.AuthorizedKeyEntry; import com.gitblit.IStoredSettings; import com.gitblit.Keys; diff --git a/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java b/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java index 29f7750d..f2176cb0 100644 
--- a/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java +++ b/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java @@ -15,8 +15,8 @@ */ package com.gitblit.transport.ssh; -import org.apache.sshd.common.SshdSocketAddress; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.net.SshdSocketAddress; import org.apache.sshd.server.forward.ForwardingFilter; public class NonForwardingFilter implements ForwardingFilter { diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemonClient.java b/src/main/java/com/gitblit/transport/ssh/SshDaemonClient.java index af25251b..7024a9a9 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemonClient.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemonClient.java @@ -17,7 +17,7 @@ package com.gitblit.transport.ssh; import java.net.SocketAddress; -import org.apache.sshd.common.session.Session.AttributeKey; +import org.apache.sshd.common.AttributeStore.AttributeKey; import com.gitblit.models.UserModel; diff --git a/src/test/java/com/gitblit/tests/SshUnitTest.java b/src/test/java/com/gitblit/tests/SshUnitTest.java index dd354d85..075ab43a 100644 --- a/src/test/java/com/gitblit/tests/SshUnitTest.java +++ b/src/test/java/com/gitblit/tests/SshUnitTest.java @@ -21,6 +21,7 @@ import java.io.IOException; import java.io.OutputStreamWriter; import java.io.Writer; import java.net.SocketAddress; +import java.security.GeneralSecurityException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PublicKey; 
@@ -29,9 +30,12 @@ import java.util.concurrent.atomic.AtomicBoolean; import org.apache.sshd.client.SshClient; import org.apache.sshd.client.channel.ClientChannel; +import org.apache.sshd.client.channel.ClientChannelEvent; +import org.apache.sshd.client.config.keys.ClientIdentityLoader; import org.apache.sshd.client.future.AuthFuture; import org.apache.sshd.client.keyverifier.ServerKeyVerifier; import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.config.keys.FilePasswordProvider; import org.apache.sshd.common.util.SecurityUtils; import org.junit.After; import org.junit.AfterClass; @@ -98,6 +102,16 @@ public abstract class SshUnitTest extends GitblitUnitTest { protected SshClient getClient() { SshClient client = SshClient.setUpDefaultClient(); + client.setClientIdentityLoader(new ClientIdentityLoader() { // Ignore the files under ~/.ssh + @Override + public boolean isValidLocation(String location) throws IOException { + return true; + } + @Override + public KeyPair loadClientIdentity(String location, FilePasswordProvider provider) throws IOException, GeneralSecurityException { + return null; + } + }); client.setServerKeyVerifier(new ServerKeyVerifier() { @Override public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) { @@ -135,7 +149,7 @@ public abstract class SshUnitTest extends GitblitUnitTest { channel.setErr(err); channel.open(); - channel.waitFor(EnumSet.of(ClientChannel.ClientChannelEvent.CLOSED), 0); + channel.waitFor(EnumSet.of(ClientChannelEvent.CLOSED, ClientChannelEvent.EOF), 0); String result = out.toString().trim(); channel.close(false); -- cgit v1.2.3 From bca2cd21d1798eadbeef0a055f7d5bc8df78a846 Mon Sep 17 00:00:00 2001 From: Florian Zschocke Date: Fri, 8 Nov 2019 19:48:05 +0100 Subject: Update SLF4J dependency to latest version 1.7.29. --- .classpath | 4 ++-- build.moxie | 2 +- gitblit.iml | 12 ++++++------ 3 files changed, 9 insertions(+), 9 deletions(-) 
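Review bot: The anonymous `ClientIdentityLoader` added to `getClient()` reports every location as valid and then returns `null` from `loadClientIdentity`, which reads as contradictory. The trailing `// Ignore the files under ~/.ssh` on the `setClientIdentityLoader` line is the only explanation. A comment above the call would make the intent clear, e.g. `// Never load identities from ~/.ssh: the tests should authenticate only with the key pair they add to the session`. If SSHD skips locations that the loader rejects (not visible here), `return false;` from `isValidLocation` would state the intent more directly than returning a null key pair. The body of `getClient()` continues outside the hunk.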
diff --git a/.classpath b/.classpath index 72a6b6c3..c88d59f1 100644 --- a/.classpath +++ b/.classpath @@ -13,8 +13,8 @@ - - + + diff --git a/build.moxie b/build.moxie index 5f5aa63e..ece12a15 100644 --- a/build.moxie +++ b/build.moxie @@ -104,7 +104,7 @@ repositories: central, eclipse-snapshots, eclipse, gitblit # Convenience properties for dependencies properties: { jetty.version : 9.2.13.v20150730 - slf4j.version : 1.7.12 + slf4j.version : 1.7.29 wicket.version : 1.4.22 lucene.version : 5.5.2 jgit.version : 4.1.1.201511131810-r diff --git a/gitblit.iml b/gitblit.iml index 44d79c53..74e8cae7 100644 --- a/gitblit.iml +++ b/gitblit.iml @@ -92,24 +92,24 @@ - + - + - + - + - + - + -- cgit v1.2.3