security fixes test

2025-08-26 14:19:24 +00:00 · 2025-08-05 13:37:25 +01:00 · 2025-08-05 13:37:25 +01:00 · 2c6f27a0b0
commit 2c6f27a0b0
parent 6634b5d6e4
5 changed files with 17 additions and 1 deletions
--- a/2
+++ b/2
@ -55,6 +55,8 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
    openssl \
    openssl-dev \
    openjdk21-jre \
+    # Security updates
+    libjxl@testing \
    # Doc conversion
    gcompat \
    libc6-compat \
--- a/Dockerfile.fat
+++ b/Dockerfile.fat
@ -69,6 +69,8 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a
    openssl \
    openssl-dev \
    openjdk21-jre \
+    # Security updates
+    libjxl@testing \
    # Doc conversion
    gcompat \
    libc6-compat \
--- a/Dockerfile.ultra-lite
+++ b/Dockerfile.ultra-lite
@ -36,7 +36,9 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
        curl \
        shadow \
        su-exec \
-        openjdk21-jre && \
+        openjdk21-jre \
+        # Security updates
+        libjxl@testing && \
    # User permissions
    mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto /tmp/stirling-pdf /pipeline/watchedFolders /pipeline/finishedFolders && \
    chmod +x /scripts/*.sh && \
--- a/app/proprietary/build.gradle
+++ b/app/proprietary/build.gradle
@ -56,6 +56,9 @@ dependencies {
        implementation "org.opensaml:opensaml-core:$openSamlVersion"
        implementation "org.opensaml:opensaml-saml-api:$openSamlVersion"
        implementation "org.opensaml:opensaml-saml-impl:$openSamlVersion"
+        // Security vulnerability fixes - remove when parent dependencies update
+        implementation 'com.nimbusds:nimbus-jose-jwt:10.0.2' // CVE-2025-53864 - from spring-boot-starter-oauth2-client
+        implementation 'com.google.guava:guava:33.4.8-jre' // CVE-2023-2976, CVE-2020-8908 - from OpenSAML dependencies above
    }
    implementation 'com.coveo:saml-client:5.0.0'
 }
--- a/build.gradle
+++ b/build.gradle
@ -128,6 +128,13 @@ subprojects {
        imports {
            mavenBom "org.springframework.boot:spring-boot-dependencies:$springBootVersion"
        }
+        dependencies {
+            // Security vulnerability fixes - remove when Spring Security updates these
+            dependency 'com.nimbusds:nimbus-jose-jwt:10.0.2' // CVE-2025-53864 - from spring-boot-starter-oauth2-client
+            dependency 'com.google.guava:guava:33.4.8-jre' // CVE-2023-2976, CVE-2020-8908 - from OpenSAML dependencies
+            dependency 'commons-io:commons-io:2.14.0' // CVE-2024-47554 - from various dependencies
+            dependency 'org.apache.commons:commons-lang3:3.18.0' // CVE-2025-48924 - from transitive dependencies
+        }
    }

    dependencies {