diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml
index a2f9c75..0d8da1d 100644
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@@ -20,7 +20,7 @@ jobs:
restore-keys: ${{ env.cache-name }}-
- uses: actions/setup-java@v1
with:
- java-version: 11
+ java-version: 17
- name: environment
run: |
sudo apt-get install --yes --no-install-recommends libxml-xpath-perl
diff --git a/.github/workflows/ci-pull-request.yml b/.github/workflows/ci-pull-request.yml
index e4cde91..26111ab 100644
--- a/.github/workflows/ci-pull-request.yml
+++ b/.github/workflows/ci-pull-request.yml
@@ -7,11 +7,11 @@ on:
- reopened
jobs:
build:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v2
with:
- java-version: 11
+ java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
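Review bot: `distribution: adopt` is kept while `java-version` moves to 17, here and in the second job's hunk further down. That is the legacy AdoptOpenJDK feed, which the setup-java documentation recommends leaving for `temurin` to keep receiving JDK updates, and the README change in this same commit already points at adoptium.net, so I would change both jobs to `distribution: temurin`. Separately, `runs-on: ubuntu-latest` replaces a fixed image with a moving label, so the toolchain under the build can change without a commit; pinning a specific release such as `runs-on: ubuntu-22.04` keeps pull-request builds reproducible.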
@@ -31,7 +31,7 @@ jobs:
steps:
- uses: actions/setup-java@v2
with:
- java-version: 11
+ java-version: 17
distribution: adopt
- uses: actions/checkout@v2
with:
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
index 9635fcf..166043e 100644
--- a/.github/workflows/ci-release.yml
+++ b/.github/workflows/ci-release.yml
@@ -30,7 +30,7 @@ jobs:
restore-keys: ${{ env.cache-name }}-
- uses: actions/setup-java@v1
with:
- java-version: 11
+ java-version: 17
- name: version
run: >-
APP_SHA=$(git rev-parse --short ${GITHUB_SHA});
diff --git a/README.md b/README.md
index 5b02737..1dc01f8 100644
--- a/README.md
+++ b/README.md
@@ -60,7 +60,7 @@ In either case open a terminal pointing to the directory you put the sources in.
#### Maven based build
This is the recommended way for taking part in the development.
Please check, whether following prerequisites are installed on your machine:
-- [Open JDK 11](https://openjdk.java.net) or a similar JDK 11 compatible VM
+- [Open JDK 17](https://adoptium.net) or a similar JDK 17 compatible VM
- [Maven](https://maven.apache.org)
## Documentation
diff --git a/keycloak/pom.xml b/keycloak/pom.xml
index 8daf18b..124ebaa 100644
--- a/keycloak/pom.xml
+++ b/keycloak/pom.xml
@@ -23,18 +23,21 @@
${project.parent.version}
pom
-
- org.keycloak
- keycloak-spring-boot-starter
+ org.springframework.boot
+ spring-boot-starter-oauth2-resource-server
+
+
+ org.springframework.boot
+ spring-boot-starter-security
com.c4-soft.springaddons
- spring-security-oauth2-test-addons
+ spring-addons-oauth2-test
com.c4-soft.springaddons
- spring-security-oauth2-test-webmvc-addons
+ spring-addons-webmvc-test
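Review bot: Swapping `keycloak-spring-boot-starter` for `spring-boot-starter-oauth2-resource-server` changes how authorities are derived from the token, and nothing in this hunk shows the replacement mapping. The Keycloak adapter populated roles from the Keycloak role claims, whereas Spring Security's default JWT converter only builds `SCOPE_` authorities from `scope`/`scp`, so existing role checks would presumably stop matching unless a custom `JwtAuthenticationConverter` is registered. The Java configuration is outside this diff, so please confirm that the converter, issuer validation and an audience check exist. A comment on the dependency such as `<!-- replaces Keycloak adapter; role mapping lives in [security config class] -->` would record where that mapping lives.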
diff --git a/mysql-persistence/pom.xml b/mysql-persistence/pom.xml
index 14353c1..efbd2c1 100644
--- a/mysql-persistence/pom.xml
+++ b/mysql-persistence/pom.xml
@@ -32,8 +32,8 @@
h2
- mysql
- mysql-connector-java
+ com.mysql
+ mysql-connector-j
runtime
diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml
index ac2f910..bb3e06e 100644
--- a/owasp/suppressions.xml
+++ b/owasp/suppressions.xml
@@ -1,36 +1,24 @@
-
-
- CVE is matching for Spring Security 5.3.x, but we have 5.7.x
- CVE-2020-5408
-
-
-
- CVE is matching for Spring Framework up to 5.3.20, but we have 5.3.21
- CVE-2016-1000027
-
-
- False Positive matches
- CVE-2022-31514
- CVE-2022-2393
+ Both CVE are matching for eclipse ide
+ CVE-2008-7271
+ CVE-2010-4647
- SnakeYML False Positive Matcher (CVE is up to 1.32, but also matches for 1.33)
- CVE-2022-38752
+ no YAML content from users is parsed within this service
+ CVE-2022-1471
- This CVE is only affecting Keycloak Server not the Lib. (https://bugzilla.redhat.com/show_bug.cgi?id=2141404)
- CVE-2022-3916
+ H2 is only used for testing, not production
+ CVE-2022-45868
- The affected libs are just used for unit-testing.
- CVE-2022-31690
- CVE-2022-31692
+ False positive. CVE is matching for hutools. OWASP Check matches for json-lib
+ CVE-2022-45688
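Review bot: The new entry for CVE-2022-1471 is a risk acceptance, not a false positive, and as written nothing forces it to be revisited. "no YAML content from users is parsed" holds only while no code path hands external input to SnakeYAML, and this commit also drops the explicit snakeyaml version management from the root pom. The suppress element's attributes are not visible in this rendering; if it has none, I would add an expiry and scope it to the one artifact, e.g. `<suppress until="YYYY-MM-DDZ">` with a `packageUrl` pattern for snakeyaml, so the finding resurfaces. The H2 entry (CVE-2022-45868) deserves the same treatment, plus a check that H2 is declared with test scope.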
diff --git a/pom.xml b/pom.xml
index 184bfcb..ea73790 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,12 +27,20 @@
- 11
- 11
- 11
+ 17
+ 17
+ 17
UTF-8
UTF-8
+
+ 3.0.2
+ 1.18.26
+ 1.5.3.Final
+ 5.1.0
+ 0.11.5
+ 3.5.1
+ 6.0.12
@@ -59,83 +67,26 @@
org.springframework.boot
spring-boot-dependencies
- 2.7.5
+ ${spring-boot.version}
pom
import
-
-
- com.fasterxml.jackson.core
- jackson-databind
-
-
- org.yaml
- snakeyaml
-
-
- org.springframework.security
- spring-security-core
-
-
- org.springframework.security
- spring-security-web
-
-
- org.springframework.security
- spring-security-config
-
-
- org.springframework.security
- spring-security-crypto
-
-
-
-
- org.springframework.security
- spring-security-core
- 5.7.5
-
-
- org.springframework.security
- spring-security-web
- 5.7.5
-
-
- org.springframework.security
- spring-security-config
- 5.7.5
-
-
- org.springframework.security
- spring-security-crypto
- 5.7.5
-
-
-
- org.yaml
- snakeyaml
- 1.33
-
-
- com.fasterxml.jackson.core
- jackson-databind
- 2.14.0
org.springframework.cloud
spring-cloud-dependencies
- 2021.0.5
+ 2022.0.1
pom
import
org.springframework.cloud
- spring-cloud-starter-openfeign
- 3.1.5
+ spring-cloud-starter-sleuth
+ 3.1.6
org.springdoc
springdoc-openapi-ui
- 1.6.12
+ 1.6.14
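Review bot: `spring-cloud-starter-sleuth` is pinned at `3.1.6` directly beneath a `spring-cloud-dependencies` import of `2022.0.1`, which mixes two release trains. As far as I know Sleuth 3.1.x targets Spring Boot 2.x and is not part of the 2022.0 train (tracing moved to Micrometer Tracing), and `springdoc-openapi-ui` 1.6.x likewise targets Boot 2.x, so both may fail or silently not auto-configure on Boot 3.0.2. This hunk also deletes the pinned `spring-security-*`, `snakeyaml` and `jackson-databind` versions. That is reasonable if the BOM now supplies patched versions, but a one-line comment such as `<!-- versions managed by spring-boot-dependencies ${spring-boot.version} -->` would record that the pins were removed deliberately.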
@@ -143,7 +94,7 @@
org.projectlombok
lombok
- 1.18.24
+ ${lombok.version}
@@ -151,12 +102,12 @@
net.javacrumbs.shedlock
shedlock-spring
- 4.42.0
+ ${shedlock.version}
net.javacrumbs.shedlock
shedlock-provider-jdbc-template
- 4.42.0
+ ${shedlock.version}
@@ -177,23 +128,23 @@
io.jsonwebtoken
jjwt-api
- 0.11.5
+ ${jjwt.version}
io.jsonwebtoken
jjwt-impl
- 0.11.5
+ ${jjwt.version}
io.jsonwebtoken
jjwt-jackson
- 0.11.5
+ ${jjwt.version}
runtime
com.nimbusds
nimbus-jose-jwt
- 9.25.6
+ 9.30.1
@@ -201,7 +152,7 @@
org.liquibase
liquibase-core
- 4.17.2
+ 4.19.0
com.h2database
@@ -212,7 +163,7 @@
org.postgresql
postgresql
- 42.5.0
+ 42.5.3
@@ -228,7 +179,7 @@
eu.europa.ec.dgc
dgc-lib
- 1.3.3
+ 2.0.0
@@ -244,12 +195,12 @@
com.google.zxing
core
- 3.5.0
+ ${zxing.version}
com.google.zxing
javase
- 3.5.1
+ ${zxing.version}
@@ -261,25 +212,20 @@
-
- org.keycloak
- keycloak-spring-boot-starter
- 20.0.1
-
org.keycloak
keycloak-admin-client
- 20.0.1
+ 20.0.3
com.c4-soft.springaddons
- spring-security-oauth2-test-addons
- 3.1.19-jdk11
+ spring-addons-oauth2-test
+ ${springaddons.version}
com.c4-soft.springaddons
- spring-security-oauth2-test-webmvc-addons
- 3.1.19-jdk11
+ spring-addons-webmvc-test
+ ${springaddons.version}
@@ -287,14 +233,14 @@
org.modelmapper.extensions
modelmapper-spring
- 3.1.0
+ 3.1.1
com.amazonaws
aws-java-sdk-s3
- 1.12.344
+ 1.12.405
@@ -306,19 +252,19 @@
com.sap.cloud.sdk.cloudplatform
scp-cf
- 3.75.0
+ 4.7.0
com.sap.hcp.cf.logging
cf-java-logging-support-logback
- 3.6.2
+ 3.6.3
org.mapstruct
mapstruct
- 1.5.3.Final
+ ${mapstruct.version}
@@ -329,7 +275,7 @@
org.springframework.boot
spring-boot-maven-plugin
- 2.7.5
+ ${spring-boot.version}
@@ -343,7 +289,7 @@
org.apache.maven.plugins
maven-surefire-plugin
- 3.0.0-M7
+ 3.0.0-M8
@@ -355,12 +301,12 @@
org.projectlombok
lombok
- 1.18.24
+ ${lombok.version}
org.mapstruct
mapstruct-processor
- 1.5.3.Final
+ ${mapstruct.version}
@@ -369,7 +315,7 @@
org.apache.maven.plugins
maven-checkstyle-plugin
- 3.2.0
+ 3.2.1
codestyle/checkstyle.xml
target/**/*
@@ -412,7 +358,7 @@
org.codehaus.mojo
license-maven-plugin
- 4.1
+ 2.0.0
**/*.java
${project.organization.name} and all other contributors
@@ -434,9 +380,10 @@
org.owasp
dependency-check-maven
- 7.3.1
+ 8.0.2
./owasp/suppressions.xml
+ false
true
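Review bot: The setting added as `false` in the dependency-check-maven configuration needs a comment saying what it turns off and why; its element name is not visible in this rendering. If it disables an analyzer or the fail-on-error behaviour, the scan can pass while covering less than before, which is easy to miss next to a version bump. Something like `<!-- disabled because REASON_PLACEHOLDER; re-enable when CONDITION_PLACEHOLDER -->` next to the element would do.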
@@ -450,7 +397,7 @@
org.springframework.restdocs
spring-restdocs-asciidoctor
- 2.0.6.RELEASE
+ 3.0.0