
Blackduck scan fixes #523

Open

yashmeet29 wants to merge 3 commits into develop from SDMEXT-blackduckScanFix-feature

Conversation

@yashmeet29

Contributor

Describe your changes

  • Upgrade Spring Boot from 3.3.1 / 3.2.6 → 3.5.16 across all sample app modules (single-tenant demoapp and multi-tenant cloud-cap-samples-java, both central-space and personal-space)

  • Bump Jackson (jackson-databind, jackson-core) from 2.18.6 → 2.22.0 in the root sdm/pom.xml and multi-tenant srv POMs

  • Pin Netty BOM to 4.2.15.Final via dependencyManagement in all four sample app parent POMs to remediate Netty CVEs flagged by BlackDuck

  • Pin Bouncy Castle (bcprov-jdk18on, bcpkix-jdk18on) to 1.84 in all four sample app parent POMs to remediate Bouncy Castle CVEs flagged by BlackDuck

  • Force H2 database to 2.4.240 explicitly in the two single-tenant demoapp srv/pom.xml files

  • Force safe transitive versions in the multi-tenant cloud-cap-samples-java/srv/pom.xml via a new dependencyManagement block covering: Kotlin stdlib (2.4.0), OpenTelemetry API/context (1.63.0), Spring Security modules (6.5.11), Logback (1.5.35), Nimbus JOSE+JWT (10.9.1), and Spring Boot core (3.5.15)

Type of change

  • Blackduck Scan fix (non-breaking change which fixes an issue)

Checklist before requesting a review

  • I follow the Java Development Guidelines for SAP
  • I have tested the functionality on my cloud environment.
  • I have provided sufficient automated/unit tests for the code.
  • I have increased or maintained the test coverage.
  • I have run integration tests on my cloud environment.
  • I have validated the Blackduck portal for any vulnerability after my commit.

Upload Screenshots/lists of the scenarios tested

  • I have uploaded screenshots or added lists of the scenarios tested in the description
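A way to confirm that the pins listed above actually took effect in the resolved dependency graph, as an added example that is not part of this PR: it parses `mvn dependency:tree` output and flags any artifact resolved below the version the description specifies. The tree lines embedded in it are constructed sample output, not from the project, and the minimum-version table is an assumption built from the versions in the description.

```python
"""Check `mvn dependency:tree` output against the version pins in the PR description.

Added example, not part of the PR. SAMPLE_TREE is constructed; EXPECTED holds the
versions the description lists (Netty, Bouncy Castle, H2, Jackson).
"""
import re

# Minimum acceptable version per groupId (or groupId:artifactId) from the description.
EXPECTED = {
    "io.netty": "4.2.15.Final",
    "org.bouncycastle": "1.84",
    "com.h2database:h2": "2.4.240",
    "com.fasterxml.jackson.core": "2.22.0",
}

# Constructed sample output of `mvn dependency:tree`: one Netty module is still on an
# older line, everything else matches the pins.
SAMPLE_TREE = """\
[INFO] +- io.netty:netty-handler:jar:4.2.15.Final:compile
[INFO] |  \\- io.netty:netty-codec-http:jar:4.1.100.Final:compile
[INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.84:compile
[INFO] +- org.bouncycastle:bcpkix-jdk18on:jar:1.84:compile
[INFO] +- com.h2database:h2:jar:2.4.240:runtime
[INFO] \\- com.fasterxml.jackson.core:jackson-databind:jar:2.22.0:compile
"""

# groupId:artifactId:packaging[:classifier]:version:scope, as dependency:tree prints it.
_LINE = re.compile(r"([\w.\-]+):([\w.\-]+):[\w\-]+(?::[\w\-]+)?:([\w.\-]+):\w+\s*$")


def version_key(version):
    """Sort key: dotted numeric parts compared as integers; qualifiers like 'Final' are ignored."""
    return tuple(int(p) for p in version.split(".") if p.isdigit())


def find_stale(tree_text, expected=EXPECTED):
    """Return (groupId:artifactId, resolved, required) for each artifact below its pin."""
    stale = []
    for line in tree_text.splitlines():
        m = _LINE.search(line)
        if not m:
            continue
        group, artifact, version = m.groups()
        required = expected.get(f"{group}:{artifact}") or expected.get(group)
        if required and version_key(version) < version_key(required):
            stale.append((f"{group}:{artifact}", version, required))
    return stale


if __name__ == "__main__":
    for coords, found, required in find_stale(SAMPLE_TREE):
        print(f"STALE {coords}: resolved {found}, required {required}")
```

Run it on the real tree with `mvn dependency:tree -Dincludes=io.netty,org.bouncycastle,com.h2database,com.fasterxml.jackson.core | python check_pins.py`-style piping after replacing SAMPLE_TREE with stdin; an empty result means every managed artifact resolved at or above the pinned version.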
