fix sonatype reported cve issues

jwijgerd · jwijgerd · commit 6c55d584aa14 · 2025-01-17T17:06:51.000+01:00
update version to 6.5.0-SNAPSHOT for next release
diff --git a/bom/pom.xml b/bom/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-parent</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/api/pom.xml b/main/api/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/backplane-cassandra-common/pom.xml b/main/backplane-cassandra-common/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>elasticactors-main</artifactId>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/backplane-cassandra/pom.xml b/main/backplane-cassandra/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/backplane-cassandra2/pom.xml b/main/backplane-cassandra2/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/backplane-cassandra4/pom.xml b/main/backplane-cassandra4/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>elasticactors-main</artifactId>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/backplane-redis/pom.xml b/main/backplane-redis/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/base/pom.xml b/main/base/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/caching/pom.xml b/main/caching/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/client-rabbitmq/pom.xml b/main/client-rabbitmq/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/client-spring-amqp/pom.xml b/main/client-spring-amqp/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/client/pom.xml b/main/client/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/cluster-kubernetes/pom.xml b/main/cluster-kubernetes/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/cluster-shoal/pom.xml b/main/cluster-shoal/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/core/pom.xml b/main/core/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/elasticactors-kafka-testapp/pom.xml b/main/elasticactors-kafka-testapp/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/elasticactors-kafka/pom.xml b/main/elasticactors-kafka/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/indexing-elasticsearch/pom.xml b/main/indexing-elasticsearch/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/messaging-activemq/pom.xml b/main/messaging-activemq/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/messaging-rabbitmq/pom.xml b/main/messaging-rabbitmq/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/messaging/pom.xml b/main/messaging/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/pom.xml b/main/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-parent</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>elasticactors-main</artifactId>
@@ -58,8 +58,7 @@
         <chronicle-bom.version>2.27ea8</chronicle-bom.version>
         <!-- this is needed to fix an issue with cassandra-driver-core 3.11.5 -->
         <jnr.version>2.2.16</jnr.version>
-        <!-- This is the last release with ASLv2-->
-        <elasticsearch.version>7.10.2</elasticsearch.version>
+        <elasticsearch.version>7.17.27</elasticsearch.version>
         <kubernetes-client.version>7.0.1</kubernetes-client.version>
         <java-uuid-generator.version>5.1.0</java-uuid-generator.version>
         <!-- testing -->
@@ -79,6 +78,9 @@
         <fast-uuid.version>0.2.0</fast-uuid.version>
         <!-- needed to fix an issue with cassandra java-driver-core v4.17.0 and micrometer-core v1.13.0 -->
         <hdrhistogram.version>2.2.1</hdrhistogram.version>
+        <!-- needed to fix sbom cve issues -->
+        <libthrift.version>0.21.0</libthrift.version>
+        <commons-lang3.version>3.17.0</commons-lang3.version>
     </properties>
 
     <scm>
@@ -211,6 +213,16 @@
                     </exclusion>
                 </exclusions>
             </dependency>
+            <dependency>
+                <groupId>org.apache.thrift</groupId>
+                <artifactId>libthrift</artifactId>
+                <version>${libthrift.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.commons</groupId>
+                <artifactId>commons-lang3</artifactId>
+                <version>${commons-lang3.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.apache.cassandra</groupId>
                 <artifactId>cassandra-thrift</artifactId>
@@ -220,6 +232,10 @@
                         <groupId>javax.servlet</groupId>
                         <artifactId>servlet-api</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>org.apache.commons</groupId>
+                        <artifactId>commons-lang3</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
             <dependency>
@@ -415,6 +431,10 @@
                         <groupId>org.hdrhistogram</groupId>
                         <artifactId>HdrHistogram</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>org.yaml</groupId>
+                        <artifactId>snakeyaml</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
             <dependency>
diff --git a/main/runtime/pom.xml b/main/runtime/pom.xml
@@ -19,12 +19,12 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>elasticactors-runtime</artifactId>
-    <version>6.4.4-SNAPSHOT</version>
+    <version>6.5.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <name>Elastic Software Foundation :: ElasticActors :: Runtime</name>
diff --git a/main/spi/pom.xml b/main/spi/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/test/pom.xml b/main/test/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/tracing-slf4j/pom.xml b/main/tracing-slf4j/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/tracing-spring/pom.xml b/main/tracing-spring/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/main/tracing/pom.xml b/main/tracing/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
         <artifactId>elasticactors-main</artifactId>
-        <version>6.4.4-SNAPSHOT</version>
+        <version>6.5.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/pom.xml b/pom.xml
@@ -20,7 +20,7 @@
 
     <groupId>org.elasticsoftwarefoundation.elasticactors</groupId>
     <artifactId>elasticactors-parent</artifactId>
-    <version>6.4.4-SNAPSHOT</version>
+    <version>6.5.0-SNAPSHOT</version>
 
     <packaging>pom</packaging>
 
