security fixes test

Anthony Stirling 2025-08-05 13:37:25 +01:00
parent 6634b5d6e4
commit 2c6f27a0b0
5 changed files with 17 additions and 1 deletions


@ -55,6 +55,8 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
openssl \ openssl \
openssl-dev \ openssl-dev \
openjdk21-jre \ openjdk21-jre \
# Security updates
libjxl@testing \
# Doc conversion # Doc conversion
gcompat \ gcompat \
libc6-compat \ libc6-compat \
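Review bot: `libjxl@testing` is added with no version constraint, and the `# Security updates` comment does not say which advisory it addresses, so the image takes whatever Alpine edge serves at build time and nobody can tell later when the override may be dropped. The same two lines are added in the next Dockerfile section and in the third one. Consider a comment such as `# Security updates: libjxl from edge for <ADVISORY-ID>, drop once the base image ships the fix`, plus a version constraint on the package. The truncated RUN line in this hunk header shows only an `@main` tag being written, so confirm that a `@testing` tag is also defined in this file; apk is expected to reject a tagged package whose tag has no repository behind it.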


@ -69,6 +69,8 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
openssl \ openssl \
openssl-dev \ openssl-dev \
openjdk21-jre \ openjdk21-jre \
# Security updates
libjxl@testing \
# Doc conversion # Doc conversion
gcompat \ gcompat \
libc6-compat \ libc6-compat \


@ -36,7 +36,9 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
curl \ curl \
shadow \ shadow \
su-exec \ su-exec \
openjdk21-jre && \ openjdk21-jre \
# Security updates
libjxl@testing && \
# User permissions # User permissions
mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto /tmp/stirling-pdf /pipeline/watchedFolders /pipeline/finishedFolders && \ mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto /tmp/stirling-pdf /pipeline/watchedFolders /pipeline/finishedFolders && \
chmod +x /scripts/*.sh && \ chmod +x /scripts/*.sh && \
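Review bot: The repository tag used by `libjxl@testing` is named `@testing`, but the RUN line in the hunk header binds it to `https://dl-cdn.alpinelinux.org/alpine/edge/main`, so the package resolves from edge main rather than from Alpine's testing repository. That name will mislead anyone auditing where packages in this image come from, and the other two Dockerfile sections appear to call the same URL `@main`. The tag definition sits on the RUN line outside the changed lines and the RUN body continues past the hunk, so at minimum the new comment could read `# Security updates (libjxl from edge/main via the tag named "testing")`.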


@ -56,6 +56,9 @@ dependencies {
implementation "org.opensaml:opensaml-core:$openSamlVersion" implementation "org.opensaml:opensaml-core:$openSamlVersion"
implementation "org.opensaml:opensaml-saml-api:$openSamlVersion" implementation "org.opensaml:opensaml-saml-api:$openSamlVersion"
implementation "org.opensaml:opensaml-saml-impl:$openSamlVersion" implementation "org.opensaml:opensaml-saml-impl:$openSamlVersion"
// Security vulnerability fixes - remove when parent dependencies update
implementation 'com.nimbusds:nimbus-jose-jwt:10.0.2' // CVE-2025-53864 - from spring-boot-starter-oauth2-client
implementation 'com.google.guava:guava:33.4.8-jre' // CVE-2023-2976, CVE-2020-8908 - from OpenSAML dependencies above
} }
implementation 'com.coveo:saml-client:5.0.0' implementation 'com.coveo:saml-client:5.0.0'
} }
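Review bot: The pinned versions `10.0.2` and `33.4.8-jre` are also declared in the dependency-management block added in the last file section of this commit, so the same override now lives in two places and can drift when only one is bumped. Declaring them as plain `implementation` dependencies also keeps both libraries on this module's classpath even if the parent dependency later stops pulling them in. If the root block is the Spring dependency-management block it appears to be, the versions here can be dropped (`implementation 'com.nimbusds:nimbus-jose-jwt'`), or the two lines can be replaced by a `constraints { ... }` entry so they only raise the floor of a transitive dependency. The block these lines sit in opens outside the hunk and seems to be nested one level inside `dependencies`, so check that the overrides apply in every build configuration and not only when that inner block is active.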


@ -128,6 +128,13 @@ subprojects {
imports { imports {
mavenBom "org.springframework.boot:spring-boot-dependencies:$springBootVersion" mavenBom "org.springframework.boot:spring-boot-dependencies:$springBootVersion"
} }
dependencies {
// Security vulnerability fixes - remove when Spring Security updates these
dependency 'com.nimbusds:nimbus-jose-jwt:10.0.2' // CVE-2025-53864 - from spring-boot-starter-oauth2-client
dependency 'com.google.guava:guava:33.4.8-jre' // CVE-2023-2976, CVE-2020-8908 - from OpenSAML dependencies
dependency 'commons-io:commons-io:2.14.0' // CVE-2024-47554 - from various dependencies
dependency 'org.apache.commons:commons-lang3:3.18.0' // CVE-2025-48924 - from transitive dependencies
}
} }
dependencies { dependencies {