Merge pull request #8349 from thingsboard/fix/vulnerabilities

fix vulnerabilities
2023-04-12 17:33:30 +03:00 · 2023-04-12 17:33:30 +03:00 · 4b0709567c
commit 4b0709567c
parent a137243301 46935d4517
3 changed files with 18 additions and 19 deletions
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationDetails.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationDetails.java
@ -20,7 +20,6 @@ import ua_parser.Client;
 import ua_parser.Parser;

 import javax.servlet.http.HttpServletRequest;
-import java.io.IOException;
 import java.io.Serializable;

@Data
@ -43,11 +42,7 @@ public class RestAuthenticationDetails implements Serializable {
    }

    private static Client getUserAgent(HttpServletRequest request) {
-        try {
-            Parser uaParser = new Parser();
-            return uaParser.parse(request.getHeader("User-Agent"));
-        } catch (IOException e) {
-            return new Client(null, null, null);
-        }
+        Parser uaParser = new Parser();
+        return uaParser.parse(request.getHeader("User-Agent"));
    }
 }
--- a/common/data/pom.xml
+++ b/common/data/pom.xml
@ -100,6 +100,10 @@
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
        </dependency>
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+        </dependency>
        <dependency>
            <groupId>io.swagger</groupId>
            <artifactId>swagger-annotations</artifactId>
--- a/pom.xml
+++ b/pom.xml
@ -39,13 +39,13 @@
        <javax-annotation.version>1.3.2</javax-annotation.version>
        <jakarta.xml.bind-api.version>2.3.2</jakarta.xml.bind-api.version>
        <jaxb-runtime.version>2.3.2</jaxb-runtime.version>
-        <spring-boot.version>2.7.0</spring-boot.version>
-        <spring-data.version>2.7.0</spring-data.version>
-        <spring.version>5.3.20</spring.version>
-        <spring-redis.version>5.5.12</spring-redis.version>
-        <spring-security.version>5.7.1</spring-security.version>
-        <spring-data-redis.version>2.7.0</spring-data-redis.version>
-        <jedis.version>3.7.1</jedis.version>
+        <spring-boot.version>2.7.10</spring-boot.version>
+        <spring-data.version>2.7.10</spring-data.version>
+        <spring.version>5.3.26</spring.version>
+        <spring-redis.version>5.5.17</spring-redis.version>
+        <spring-security.version>5.7.7</spring-security.version>
+        <spring-data-redis.version>2.7.10</spring-data-redis.version>
+        <jedis.version>3.8.0</jedis.version>
        <jjwt.version>0.7.0</jjwt.version>
        <slf4j.version>1.7.32</slf4j.version>
        <log4j.version>2.17.1</log4j.version>
@ -75,14 +75,14 @@
        <freemarker.version>2.3.30</freemarker.version>
        <mail.version>1.6.2</mail.version>
        <curator.version>4.2.0</curator.version>
-        <zookeeper.version>3.5.5</zookeeper.version>
+        <zookeeper.version>3.8.1</zookeeper.version>
        <protobuf.version>3.21.9</protobuf.version>
        <grpc.version>1.42.1</grpc.version>
        <tbel.version>1.0.6</tbel.version>
        <lombok.version>1.18.18</lombok.version>
        <paho.client.version>1.2.4</paho.client.version>
        <paho.mqttv5.client.version>1.2.5</paho.mqttv5.client.version>
-        <netty.version>4.1.75.Final</netty.version>
+        <netty.version>4.1.91.Final</netty.version>
        <netty-tcnative.version>2.0.51.Final</netty-tcnative.version>
        <os-maven-plugin.version>1.7.0</os-maven-plugin.version>
        <rabbitmq.version>4.8.0</rabbitmq.version>
@ -107,13 +107,13 @@
        <bucket4j.version>4.1.1</bucket4j.version>
        <fst.version>2.57</fst.version>
        <antlr.version>2.7.7</antlr.version>
-        <snakeyaml.version>1.27</snakeyaml.version>
+        <snakeyaml.version>2.0</snakeyaml.version>
        <aws.sdk.version>1.11.747</aws.sdk.version>
        <pubsub.client.version>1.105.0</pubsub.client.version>
        <google.common.protos.version>2.1.0</google.common.protos.version> <!-- required by io.grpc:grpc-protobuf:1.38.0-->
        <azure-servicebus.version>3.2.0</azure-servicebus.version>
        <passay.version>1.5.0</passay.version>
-        <ua-parser.version>1.4.3</ua-parser.version>
+        <ua-parser.version>1.5.4</ua-parser.version>
        <commons-beanutils.version>1.9.4</commons-beanutils.version>
        <commons-collections.version>3.2.2</commons-collections.version>
        <micrometer.version>1.9.0</micrometer.version>
@ -123,7 +123,7 @@
        <hibernate-validator.version>6.0.20.Final</hibernate-validator.version>
        <javax.el.version>3.0.0</javax.el.version>
        <javax.validation-api.version>2.0.1.Final</javax.validation-api.version>
-        <antisamy.version>1.6.8</antisamy.version>
+        <antisamy.version>1.7.2</antisamy.version>
        <snmp4j.version>2.8.5</snmp4j.version>
        <!--         TEST SCOPE         -->
        <awaitility.version>4.1.0</awaitility.version>