Merge branch 'release/v1.7.3-1'

Author: robertauer

.mvn/wrapper/maven-wrapper.properties

@@ -1 +1 @@
-distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
+distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.8/apache-maven-3.9.8-bin.zip

CHANGELOG.md

@@ -7,6 +7,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v1.7.3-1] - 2024-08-05
+
+### Changed
+- [#220] Update base image to java:21.0.3-4
+- [#220] Update Sprint Boot Starter to 3.3.2
+- [#220] Update Spring to 6.1.11
+- [#220] Update CAS-Client to 4.0.4
+- [#220] Update Maven to 3.9.8
+- [#220] Update JAXB to 2.3.1
+- [#220] Update Snakeyaml to 2.2
+- [#220] Update Guava to 33.2.1-jre
+- [#220] Update slf4j to 2.0.13
+- [#220] Update Logback to 1.5.6
+- [#220] Update cloudogu/VersionName to 2.1.0
+- [#220] Update jakarta.servlet-api to 6.1.0
+- [#220] Update httpclient5 to 5.3.1
+- [#220] Update NodeJs dev-server to 22.5.1
+- [#220] Update Yarn to 1.22.22
+- [#220] Update Jacoco to 0.8.12
+
+### Fixed
+- [#220] use pinned version of jetbrains annotations 24.1.0
+- [#220] fix [Fasterxml DoS vulnerability](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)
+
 ## [v1.7.2-2] - 2024-07-01
 ### Changed
 - Update base image to java:17.0.11-3 to use doguctl v0.12.0 (#92)

Dockerfile

@@ -1,4 +1,4 @@
-FROM eclipse-temurin:17.0.11_9-jdk as builder
+FROM eclipse-temurin:21.0.4_7-jdk as builder
 
 ENV SMEAGOL_DIR=/usr/src/smeagol
 COPY mvnw pom.xml package.json yarn.lock .prettierrc ${SMEAGOL_DIR}/
@@ -16,9 +16,9 @@ RUN set -x \
 
 
 
-FROM registry.cloudogu.com/official/java:17.0.11-3
+FROM registry.cloudogu.com/official/java:21.0.3-4
 LABEL NAME="official/smeagol" \
-      VERSION="1.7.2-2" \
+      VERSION="1.7.3-1" \
       maintainer="[email protected]"
 
 ENV SERVICE_TAGS=webapp \

Jenkinsfile

@@ -22,7 +22,7 @@ parallel(
     node() { // No specific label
       timestamps {
 
-        def mvnDockerName = '3.6-openjdk-17'
+        def mvnDockerName = '3.9.8-eclipse-temurin-21'
         Maven mvn = new MavenInDocker(this, mvnDockerName)
 
         stage('Checkout') {

docs/gui/release_notes_de.md

@@ -4,12 +4,18 @@ Im Folgenden finden Sie die Release Notes für Smeagol.
 
 Technische Details zu einem Release finden Sie im zugehörigen [Changelog](https://docs.cloudogu.com/de/docs/dogus/smeagol/CHANGELOG/).
 
+## Release 1.7.3-1
+
+**Das Release behebt einen ([DoS-Angriffsvektor](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)). Ein Update ist daher empfohlen.**
+
+Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
+
 ## Release 1.7.2-2
 
 Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
 
 ## Release 1.7.2-1
 
-> Das Release behebt eine kritische Sicherheitslücke ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). Ein Update ist daher empfohlen.
+**Das Release behebt eine kritische Sicherheitslücke ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). Ein Update ist daher empfohlen.**
 
-Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
+Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.

docs/gui/release_notes_en.md

@@ -4,12 +4,18 @@ Below you will find the release notes for Smeagol.
 
 Technical details on a release can be found in the corresponding [Changelog](https://docs.cloudogu.com/en/docs/dogus/smeagol/CHANGELOG/).
 
+## Release 1.7.3-1
+
+** The release fixes a ([DoS attack vector](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)). An update is therefore recommended.**
+
+We have only made technical changes. You can find more details in the changelogs.
+
 ## Release 1.7.2-2
 
 We have only made technical changes. You can find more details in the changelogs.
 
 ## Release 1.7.2-1
 
-> The release fixes a critical security vulnerability ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). An update is therefore recommended.
+**The release fixes a critical security vulnerability ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). An update is therefore recommended.**
 
-We have only made technical changes. You can find more details in the changelogs.
+We have only made technical changes. You can find more details in the changelogs.

dogu.json

@@ -1,6 +1,6 @@
 {
   "Name": "official/smeagol",
-  "Version": "1.7.2-2",
+  "Version": "1.7.3-1",
   "DisplayName": "Smeagol",
   "Description": "Store your technical documentation with in your git repositories",
   "Category": "Development Apps",

package.json

@@ -1,17 +1,17 @@
 {
   "name": "smeagol",
-  "version": "1.7.2-2",
+  "version": "1.7.3-1",
   "private": true,
   "dependencies": {
     "ces-theme": "https://github.com/cloudogu/ces-theme.git#v0.7.2",
     "classnames": "^2.2.5",
+    "dayjs": "^1.11.10",
     "highlight.js": "^10.4.1",
     "history": "^4.7.2",
     "i18next": "^10.3.0",
     "i18next-browser-languagedetector": "^2.1.0",
     "i18next-fetch-backend": "^0.1.0",
     "i18next-resource-store-loader": "^0.1.2",
-    "dayjs": "^1.11.10",
     "object-assign": "4.1.1",
     "promise": "8.0.1",
     "query-string": "^5.0.1",

pom.xml

@@ -6,13 +6,13 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.0.5</version>
+        <version>3.3.2</version>
         <relativePath/>
     </parent>
 
     <groupId>com.cloudogu.wiki</groupId>
     <artifactId>smeagol</artifactId>
-    <version>1.7.2-2</version>
+    <version>1.7.3-1</version>
     <name>smeagol</name>
     <packaging>war</packaging>
 
@@ -39,7 +39,7 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
-            <version>6.0.7</version>
+            <version>6.1.11</version>
         </dependency>
 
         <dependency>
@@ -62,7 +62,7 @@
         <dependency>
             <groupId>org.yaml</groupId>
             <artifactId>snakeyaml</artifactId>
-            <version>2.0</version>
+            <version>2.2</version>
         </dependency>
 
         <dependency>
@@ -149,28 +149,28 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>30.1-jre</version>
+            <version>33.2.1-jre</version>
         </dependency>
 
         <!-- logging -->
 
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>2.0.5</version>
+            <version>2.0.13</version>
         </dependency>
 
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.4.6</version>
+            <version>1.5.6</version>
         </dependency>
 
         <!-- Used to extract the version at runtime -->
         <dependency>
             <groupId>com.cloudogu.versionName</groupId>
             <artifactId>versionName</artifactId>
-            <version>2.0.0</version>
+            <version>2.1.0</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
@@ -181,20 +181,20 @@
         <dependency>
             <groupId>org.jetbrains</groupId>
             <artifactId>annotations</artifactId>
-            <version>RELEASE</version>
+            <version>24.1.0</version>
             <scope>compile</scope>
         </dependency>
 
         <dependency>
             <groupId>jakarta.servlet</groupId>
             <artifactId>jakarta.servlet-api</artifactId>
-            <version>6.0.0</version>
+            <version>6.1.0</version>
         </dependency>
 
         <dependency>
             <groupId>org.apache.httpcomponents.client5</groupId>
             <artifactId>httpclient5</artifactId>
-            <version>5.2.1</version>
+            <version>5.3.1</version>
         </dependency>
 
     </dependencies>
@@ -269,11 +269,11 @@
                 <version>2.5.0</version>
                 <configuration>
                     <node>
-                        <version>18.7.0</version>
+                        <version>22.5.1</version>
                     </node>
                     <pkgManager>
                         <type>YARN</type>
-                        <version>1.22.19</version>
+                        <version>1.22.22</version>
                     </pkgManager>
                     <pkg/>
                     <script/>
@@ -288,7 +288,7 @@
                     </execution>
                     <execution>
                         <id>run-test</id>
-                        <!-- use prepare-package to avoid installing durring spring-boot:run -->
+                        <!-- use prepare-package to avoid installing during spring-boot:run -->
                         <phase>test</phase>
                         <goals>
                             <goal>run</goal>
@@ -299,7 +299,7 @@
                     </execution>
                     <execution>
                         <id>run-build</id>
-                        <!-- use prepare-package to avoid installing durring spring-boot:run -->
+                        <!-- use prepare-package to avoid installing during spring-boot:run -->
                         <phase>prepare-package</phase>
                         <goals>
                             <goal>run</goal>
@@ -314,7 +314,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.8.0</version>
+                <version>3.13.0</version>
                 <configuration>
                     <source>${java.version}</source>
                     <target>${java.version}</target>
@@ -328,7 +328,7 @@
                 <plugin>
                     <groupId>org.jacoco</groupId>
                     <artifactId>jacoco-maven-plugin</artifactId>
-                    <version>0.8.8</version>
+                    <version>0.8.12</version>
                 </plugin>
             </plugins>
         </pluginManagement>
@@ -383,9 +383,16 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <cas-client.version>4.0.1</cas-client.version>
-        <java.version>17</java.version>
-        <jaxb.version>2.3.0</jaxb.version>
+        <cas-client.version>4.0.4</cas-client.version>
+        <java.version>21</java.version>
+        <jaxb.version>2.3.1</jaxb.version>
         <jgit.version>5.1.16.202106041830-r</jgit.version>
     </properties>
+    <repositories>
+        <repository>
+            <id>maven_central</id>
+            <name>Maven Central</name>
+            <url>https://repo.maven.apache.org/maven2/</url>
+        </repository>
+    </repositories>
 </project>