diff options
Diffstat (limited to 'build.gradle.kts')
| -rw-r--r-- | build.gradle.kts | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/build.gradle.kts b/build.gradle.kts index 61ca3ed..36b7b29 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -4,10 +4,10 @@ import org.springframework.boot.gradle.tasks.bundling.BootBuildImage plugins { war - id("org.springframework.boot") version "3.1.2" + id("org.springframework.boot") version "3.1.3" id("io.spring.dependency-management") version "1.1.3" - kotlin("jvm") version "1.9.0" - kotlin("plugin.spring") version "1.9.0" + kotlin("jvm") version "1.9.10" + kotlin("plugin.spring") version "1.9.10" } group = "de.ukw.ccc" @@ -20,6 +20,10 @@ var versions = mapOf( "mockito-kotlin" to "5.1.0" ) +// Override Apache Kafka to be used +// Fixes: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 +extra["kafka.version"] = "3.5.1" + java { sourceCompatibility = JavaVersion.VERSION_17 } @@ -55,14 +59,7 @@ dependencies { implementation("org.springframework.boot:spring-boot-starter-web") implementation("org.springframework.boot:spring-boot-starter-data-jdbc") implementation("com.fasterxml.jackson.module:jackson-module-kotlin") - implementation("org.springframework.kafka:spring-kafka"){ - // CVE-2023-34453, CVE-2023-34454, CVE-2023-34455 - exclude( "org.xerial.snappy:snappy-java") - // CVE-2022-1471 - exclude("org.yaml:snakeyaml") - } - // fixes CVE-2023-34453, CVE-2023-34454, CVE-2023-34455 - implementation("org.xerial.snappy:snappy-java:1.1.10.3") + implementation("org.springframework.kafka:spring-kafka") // fix CVE-2022-1471 implementation("org.yaml:snakeyaml:2.1") implementation("org.flywaydb:flyway-mysql") |
