From 472ba656f50f2372e3ace0163275c76192ea50fc Mon Sep 17 00:00:00 2001 From: Roman Szturc Date: Sun, 9 Mar 2025 19:57:10 +0100 Subject: [PATCH 1/5] Introduce jitpack.yml with Eclipse Temurin 17.0.5 --- jitpack.yml | 5 +++++ pom.xml | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 jitpack.yml diff --git a/jitpack.yml b/jitpack.yml new file mode 100644 index 0000000..8d8e4cc --- /dev/null +++ b/jitpack.yml @@ -0,0 +1,5 @@ +jdk: + - openjdk17 +before_install: + - sdk install java 17.0.5-tem + - sdk use java 17.0.5-tem diff --git a/pom.xml b/pom.xml index 0cff99b..b6c0fb1 100644 --- a/pom.xml +++ b/pom.xml @@ -6,12 +6,12 @@ com.github.eiffel-community eiffel-remrem-parent - 2.0.12 + 2.0.14 - 2.1.15 - 2.4.0 + 2.1.16 + 2.4.1 eiffel-remrem-generate ${eiffel-remrem-generate.version} From ec990b337e34f2994a90072a42c38896208068c7 Mon Sep 17 00:00:00 2001 From: Roman Szturc Date: Sun, 9 Mar 2025 19:59:49 +0100 Subject: [PATCH 2/5] Introduce jitpack.yml with Eclipse Temurin 17.0.5 --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c7b37e9..259206c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +## 2.1.15 +- Ensure Eclipse Temurin is used to build the library + ## 2.1.14 - Made changes to /generate end-point to improve efficiency how result of event generation is handled From 9b880f845a1c184e97ebcea7ef2af61835210e5d Mon Sep 17 00:00:00 2001 From: Roman Szturc Date: Sun, 9 Mar 2025 20:01:24 +0100 Subject: [PATCH 3/5] Introduce jitpack.yml with Eclipse Temurin 17.0.5 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b6c0fb1..9531038 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ - 2.1.16 + 2.1.15 2.4.1 eiffel-remrem-generate From 3402b2d8af29ae9a83f66e67c0d47a2bb459cc88 Mon Sep 17 00:00:00 2001 
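Review bot: `sdk install java 17.0.5-tem` in jitpack.yml pins the build to one exact 17.x patch level, and nothing in the file records why that version was chosen. Pinning helps reproducibility, but the build will not pick up later 17.x JDK updates until someone edits this file by hand. I would add a comment above `before_install`, for example `# Temurin pinned to 17.0.5 because <reason>; bump together with dependency updates`, so the pin gets reviewed rather than forgotten.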
From: Roman Szturc
Date: Sun, 9 Mar 2025 20:05:02 +0100
Subject: [PATCH 4/5] Introduce jitpack.yml with Eclipse Temurin 17.0.5
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 259206c..a120519 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,5 @@
 ## 2.1.15
-- Ensure Eclipse Temurin is used to build the library
+- Ensure Eclipse Temurin is used to build the service
 
 ## 2.1.14
 - Made changes to /generate end-point to improve efficiency how result of event generation is handled
From cd641b047eb1de19e0d4ed1e3d8c12ada81bc29a Mon Sep 17 00:00:00 2001
From: Roman Szturc
Date: Tue, 29 Apr 2025 10:44:49 +0200
Subject: [PATCH 5/5] Security fix described
---
 .../generate/config/DisabledSecurityConfig.java | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/service/src/main/java/com/ericsson/eiffel/remrem/generate/config/DisabledSecurityConfig.java b/service/src/main/java/com/ericsson/eiffel/remrem/generate/config/DisabledSecurityConfig.java
index 8685f0a..498a273 100644
--- a/service/src/main/java/com/ericsson/eiffel/remrem/generate/config/DisabledSecurityConfig.java
+++ b/service/src/main/java/com/ericsson/eiffel/remrem/generate/config/DisabledSecurityConfig.java
@@ -34,6 +34,17 @@ public class DisabledSecurityConfig extends WebSecurityConfigurerAdapter {
 
 @Override
 protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
+ http.authorizeRequests()
+ .anyRequest()
+ .permitAll()
+ .and()
+ .csrf()
+ // The application uses non-browser clients. Yes, there is swagger interface,
+ // but is's used only for testing/tuning.
+ //
+ // From https://docs.spring.io/spring-security/reference/features/exploits/csrf.html
+ // "If you are creating a service that is used only by non-browser clients,
+ // you likely want to disable CSRF protection."
+ .disable();
 }
 }
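Review bot: The comment added before `.disable()` justifies turning CSRF protection off by client type, but the condition that actually matters is whether a browser can hold ambient credentials (session cookie, Basic auth) for this service. In this configuration every request is `permitAll()`, so there is no authenticated session for a cross-site request to ride; that is the reason worth recording, because the Swagger UI the comment mentions is itself a browser client. I would reword it along the lines of `// No authentication is enforced in this configuration, so there are no ambient credentials for CSRF to abuse; revisit if cookie or Basic auth is ever enabled here.` and fix the typo `is's` to `it's`. Since the class name suggests an authenticated counterpart exists outside this hunk, it is also worth checking that it does not reuse `csrf().disable()` on the strength of this comment. The class body starts outside the hunk.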