CORE-17117: Update version of commons-compress to address CVE-2023-42503 (#1281)

vkolomeyko · web-flow · commit 940389078982 · 2023-10-06T13:37:42.000+01:00
diff --git a/data/avro-schema/build.gradle b/data/avro-schema/build.gradle
@@ -15,6 +15,10 @@ dependencies {
         implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion") {
             because "required until new version of Avro available which updates Jackson"
         }
+
+        implementation("org.apache.commons:commons-compress:$commonsCompressVersion") {
+            because "CVE-2023-42503, current version of Avro uses an outdated version"
+        }
     }
 
     implementation platform(project(':corda-api'))
diff --git a/gradle.properties b/gradle.properties
@@ -42,6 +42,7 @@ slf4jVersion = 1.7.36
 # Main implementation dependencies
 avroGradlePluginVersion=1.3.0
 avroVersion = 1.11.3
+commonsCompressVersion = 1.24.0
 bouncycastleVersion = 1.73
 grgitPluginVersion = 5.2.0
 taskTreePluginVersion = 2.1.1

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,10 @@ dependencies {`
`15`	`15`	`implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion") {`
`16`	`16`	`because "required until new version of Avro available which updates Jackson"`
`17`	`17`	`}`
	`18`	`+`
	`19`	`+ implementation("org.apache.commons:commons-compress:$commonsCompressVersion") {`
	`20`	`+ because "CVE-2023-42503, current version of Avro uses an outdated version"`
	`21`	`+ }`
`18`	`22`	`}`
`19`	`23`
`20`	`24`	`implementation platform(project(':corda-api'))`