| -rw-r--r-- | build.gradle.kts | 19 | ||||
| -rw-r--r-- | src/main/resources/application-dev.yml | 3 |
2 files changed, 8 insertions, 14 deletions
diff --git a/build.gradle.kts b/build.gradle.kts
index 61ca3ed..36b7b29 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -4,10 +4,10 @@ import org.springframework.boot.gradle.tasks.bundling.BootBuildImage
 plugins {
 war
- id("org.springframework.boot") version "3.1.2"
+ id("org.springframework.boot") version "3.1.3"
 id("io.spring.dependency-management") version "1.1.3"
- kotlin("jvm") version "1.9.0"
- kotlin("plugin.spring") version "1.9.0"
+ kotlin("jvm") version "1.9.10"
+ kotlin("plugin.spring") version "1.9.10"
 }
 group = "de.ukw.ccc"
@@ -20,6 +20,10 @@ var versions = mapOf(
 "mockito-kotlin" to "5.1.0"
 )
+// Override Apache Kafka to be used
+// Fixes: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453
+extra["kafka.version"] = "3.5.1"
+
 java {
 sourceCompatibility = JavaVersion.VERSION_17
 }
@@ -55,14 +59,7 @@ dependencies {
 implementation("org.springframework.boot:spring-boot-starter-web")
 implementation("org.springframework.boot:spring-boot-starter-data-jdbc")
 implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
- implementation("org.springframework.kafka:spring-kafka"){
- // CVE-2023-34453, CVE-2023-34454, CVE-2023-34455
- exclude( "org.xerial.snappy:snappy-java")
- // CVE-2022-1471
- exclude("org.yaml:snakeyaml")
- }
- // fixes CVE-2023-34453, CVE-2023-34454, CVE-2023-34455
- implementation("org.xerial.snappy:snappy-java:1.1.10.3")
+ implementation("org.springframework.kafka:spring-kafka")
 // fix CVE-2022-1471
 implementation("org.yaml:snakeyaml:2.1")
 implementation("org.flywaydb:flyway-mysql")
diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml
index 3a055e8..dabe84b 100644
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@@ -6,9 +6,6 @@ spring:
 app:
 #rest:
 # uri: http://localhost:9000/bwhc/etl/api
-
- # Note: Make sure, hostname "kafka" points to 127.0.0.1
- # otherwise connection will not be available
 kafka:
 topic: test
 response-topic: test_response
|
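Review bot: The comment above `extra["kafka.version"] = "3.5.1"` in the second build.gradle.kts hunk attributes the three CVEs to Apache Kafka, while the lines this commit removes further down tie them to `org.xerial.snappy:snappy-java`. It also gives no hint that the property is a temporary pin, so it would presumably keep holding Kafka at 3.5.1 even after a later Spring Boot upgrade manages a newer release. I would reword it to something like `// Pin Kafka to 3.5.1 for its updated snappy-java (CVE-2023-34453, CVE-2023-34454, CVE-2023-34455)` and add `// TODO: drop this override once the Spring Boot BOM manages Kafka >= 3.5.1`.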
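Review bot: Dropping `implementation("org.xerial.snappy:snappy-java:1.1.10.3")` in the dependencies hunk leaves the snappy-java version entirely to whatever kafka-clients 3.5.1 declares, which this diff does not show and which may be lower than the 1.1.10.3 pinned before. Nothing in the build would now fail or warn if a later change to `kafka.version` or the Boot BOM brought an older snappy-java back onto the classpath. I would confirm the resolved version with `gradle dependencyInsight --dependency snappy-java --configuration runtimeClasspath` and, if it comes out below 1.1.10.3, keep the explicit line next to the plain `spring-kafka` dependency. The dependencies block starts and ends outside the hunk.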
