From 270729bde63ab475b49653d59cd6c2aee3c7733d Mon Sep 17 00:00:00 2001
From: Lokeswara Yadav Manapaty
Date: Mon, 23 Jun 2025 17:00:15 +0530
Subject: [PATCH 1/4] CD-6757 fixed commons-beanutils
---
 plugin-api/build.gradle | 7 +++++++
 settings.gradle | 1 +
 2 files changed, 8 insertions(+)
diff --git a/plugin-api/build.gradle b/plugin-api/build.gradle
index 080f1fd6..e8691e8f 100644
--- a/plugin-api/build.gradle
+++ b/plugin-api/build.gradle
@@ -8,6 +8,7 @@ dependencies {
 implementation libs.commons.lang3
 implementation libs.commons.text
 implementation libs.commons.validator
+ implementation libs.commons.beanutils
 implementation libs.gson

 // shaded, but not relocated
@@ -31,6 +32,12 @@ dependencies {
 configurations {
 // Make the compileOnly dependencies available when compiling/running tests
 testImplementation.extendsFrom compileOnly
+
+ configureEach {
+ resolutionStrategy {
+ force 'commons-beanutils:commons-beanutils:1.11.0'
+ }
+ }
 }

 def on3Digits(version) {
diff --git a/settings.gradle b/settings.gradle
index d67f314d..68faea16 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -11,6 +11,7 @@ dependencyResolutionManagement {
 library('commons-lang3', 'org.apache.commons:commons-lang3:3.14.0')
 library('commons-text', 'org.apache.commons:commons-text:1.12.0')
 library('commons-validator', 'commons-validator:commons-validator:1.9.0')
+ library('commons-beanutils', 'commons-beanutils:commons-beanutils:1.11.0')
 library('guava', 'com.google.guava:guava:31.1-jre')
 library('gson', 'com.google.code.gson:gson:2.11.0')
 library('jsr305', 'com.google.code.findbugs:jsr305:3.0.2')
From b470bd73f8bbb1f4030d1c0579a307b2dfed6ffb Mon Sep 17 00:00:00 2001
From: Lokeswara Yadav Manapaty
Date: Wed, 2 Jul 2025 20:43:37 +0530
Subject: [PATCH 2/4] CD-6757 excluding commons-beanutils in validator
---
 plugin-api/build.gradle | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/plugin-api/build.gradle b/plugin-api/build.gradle
index e8691e8f..22f81a1f 100644
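Review bot: In the second plugin-api/build.gradle hunk of PATCH 1/4, `force 'commons-beanutils:commons-beanutils:1.11.0'` hard-codes the version that the same patch adds to the catalog in settings.gradle, so a later catalog bump for another beanutils fix would be held back at 1.11.0 by this block with no build warning. The force is also declared only on this project's configurations, so other subprojects that reach commons-beanutils transitively presumably still resolve the older version. I would replace the `configureEach` block with a constraint that reads the catalog, `constraints { implementation(libs.commons.beanutils) { because 'CD-6757' } }` inside `dependencies`, and confirm the resolved version with `gradle :plugin-api:dependencyInsight --dependency commons-beanutils --configuration runtimeClasspath`.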
--- a/plugin-api/build.gradle
+++ b/plugin-api/build.gradle
@@ -7,7 +7,10 @@ dependencies {
 implementation libs.commons.io
 implementation libs.commons.lang3
 implementation libs.commons.text
- implementation libs.commons.validator
+ implementation(libs.commons.validator) {
+ exclude group: 'commons-beanutils', module: 'commons-beanutils'
+ }
+ implementation(libs.commons.beanutils)
 implementation libs.commons.beanutils
 implementation libs.gson

From f578547df3ed1a070deeadd58e32994d66ad630b Mon Sep 17 00:00:00 2001
From: Lokeswara Yadav Manapaty
Date: Wed, 2 Jul 2025 20:45:16 +0530
Subject: [PATCH 3/4] CD-6757 excluding commons-beanutils in validator
---
 plugin-api/build.gradle | 1 -
 1 file changed, 1 deletion(-)
diff --git a/plugin-api/build.gradle b/plugin-api/build.gradle
index 22f81a1f..315eea64 100644
--- a/plugin-api/build.gradle
+++ b/plugin-api/build.gradle
@@ -10,7 +10,6 @@ dependencies {
 implementation(libs.commons.validator) {
 exclude group: 'commons-beanutils', module: 'commons-beanutils'
 }
- implementation(libs.commons.beanutils)
 implementation libs.commons.beanutils
 implementation libs.gson

From d7e7489c8d1fdb91cbca658035f385ed37c2fcdc Mon Sep 17 00:00:00 2001
From: Salil Sharma <150223667+salil-sharma-ar@users.noreply.github.com>
Date: Sun, 27 Jul 2025 23:29:43 +0530
Subject: [PATCH 4/4] CD-7093 - Fix apache commons vulnerability
---
 settings.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/settings.gradle b/settings.gradle
index 68faea16..18bfe76b 100644
--- a/settings.gradle
+++ b/settings.gradle
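Review bot: The `exclude group: 'commons-beanutils', module: 'commons-beanutils'` that PATCH 2/4 adds to `libs.commons.validator` carries no comment explaining it, and once it is in place commons-validator only gets beanutils from the separate `implementation libs.commons.beanutils` line. If that line is later dropped as apparently unused, the build would still succeed and validator code that needs beanutils could fail at run time with a missing class. A comment above the block would record the coupling, for example `// CD-6757: validator's transitive commons-beanutils is excluded; the patched version comes from libs.commons.beanutils below, keep both together`. The `dependencies` block starts and ends outside the hunk.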
@@ -8,7 +8,7 @@ dependencyResolutionManagement {
 libs {
 version('slf4j', '1.7.30')
 library('commons-io', 'commons-io:commons-io:2.16.1')
- library('commons-lang3', 'org.apache.commons:commons-lang3:3.14.0')
+ library('commons-lang3', 'org.apache.commons:commons-lang3:3.18.0')
 library('commons-text', 'org.apache.commons:commons-text:1.12.0')
 library('commons-validator', 'commons-validator:commons-validator:1.9.0')
 library('commons-beanutils', 'commons-beanutils:commons-beanutils:1.11.0')