summaryrefslogtreecommitdiff
path: root/build.gradle.kts
diff options
context:
space:
mode:
Diffstat (limited to 'build.gradle.kts')
-rw-r--r--build.gradle.kts19
1 files changed, 8 insertions, 11 deletions
diff --git a/build.gradle.kts b/build.gradle.kts
index 61ca3ed..36b7b29 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -4,10 +4,10 @@ import org.springframework.boot.gradle.tasks.bundling.BootBuildImage
plugins {
war
- id("org.springframework.boot") version "3.1.2"
+ id("org.springframework.boot") version "3.1.3"
id("io.spring.dependency-management") version "1.1.3"
- kotlin("jvm") version "1.9.0"
- kotlin("plugin.spring") version "1.9.0"
+ kotlin("jvm") version "1.9.10"
+ kotlin("plugin.spring") version "1.9.10"
}
group = "de.ukw.ccc"
@@ -20,6 +20,10 @@ var versions = mapOf(
"mockito-kotlin" to "5.1.0"
)
+// Override Apache Kafka to be used
+// Fixes: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453
+extra["kafka.version"] = "3.5.1"
+
java {
sourceCompatibility = JavaVersion.VERSION_17
}
@@ -55,14 +59,7 @@ dependencies {
implementation("org.springframework.boot:spring-boot-starter-web")
implementation("org.springframework.boot:spring-boot-starter-data-jdbc")
implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
- implementation("org.springframework.kafka:spring-kafka"){
- // CVE-2023-34453, CVE-2023-34454, CVE-2023-34455
- exclude( "org.xerial.snappy:snappy-java")
- // CVE-2022-1471
- exclude("org.yaml:snakeyaml")
- }
- // fixes CVE-2023-34453, CVE-2023-34454, CVE-2023-34455
- implementation("org.xerial.snappy:snappy-java:1.1.10.3")
+ implementation("org.springframework.kafka:spring-kafka")
// fix CVE-2022-1471
implementation("org.yaml:snakeyaml:2.1")
implementation("org.flywaydb:flyway-mysql")