Fix for PRODSEC-9583 and JSON and GSON Vulnerabilities (#67)

Alfresco · Oct 3, 2024 · 70d7c0c · 70d7c0c
1 parent 4e2981d
commit 70d7c0c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/surf/pom.xml b/surf/pom.xml
@@ -197,7 +197,7 @@
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
-            <version>20230227</version>
+            <version>20240303</version>
         </dependency>
         <dependency>
             <groupId>commons-digester</groupId>

diff --git a/surf/spring-surf/spring-surf/pom.xml b/surf/spring-surf/spring-surf/pom.xml
@@ -70,12 +70,21 @@
                   <groupId>com.google.protobuf</groupId>
                   <artifactId>protobuf-java</artifactId>
                </exclusion>
+               <exclusion>
+                  <groupId>com.google.code.gson</groupId>
+                  <artifactId>gson</artifactId>
+               </exclusion>
             </exclusions>
          </dependency>
       <dependency>
          <groupId>com.google.protobuf</groupId>
          <artifactId>protobuf-java</artifactId>
-         <version>3.21.7</version>
+         <version>3.25.5</version>
+      </dependency>
+      <dependency>
+         <groupId>com.google.code.gson</groupId>
+         <artifactId>gson</artifactId>
+         <version>2.8.9</version>
       </dependency>
       <!-- This is used for the LESS CSS processing. It allows us to include LESS code in both
            the Theme XML files and in widget CSS files. We deliberately exclude it's preferred