From db9085ee65f9b888d5fc0b632821e7b73cb414a3 Mon Sep 17 00:00:00 2001
From: Ivan Kustau <86599591+IvanKustau@users.noreply.github.com>
Date: Thu, 28 Mar 2024 16:48:34 +0300
Subject: [PATCH 1/3] EPMRPP-89929 || Fix security vulnerabilities (#131)
---
 build.gradle | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index a833d20..375096d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -53,7 +53,7 @@ processResources {
 ext['log4j2.version'] = '2.21.1'
 ext['log4j-to-slf4j.version'] = '2.21.1'
 //https://nvd.nist.gov/vuln/detail/CVE-2022-26520
-ext['postgresql.version'] = '42.6.0'
+ext['postgresql.version'] = '42.6.1'
 ext['snakeyaml.version'] = '1.33'
 //
@@ -67,6 +67,24 @@ dependencies {
 // https://mvnrepository.com/artifact/org.apache.commons/commons-lang3
 implementation 'org.apache.commons:commons-lang3:3.12.0'
+ // Fix CVE-2023-46589, CVE-2024-24549
+ implementation 'org.apache.tomcat.embed:tomcat-embed-core:9.0.86'
+ implementation 'org.apache.tomcat.embed:tomcat-embed-el:9.0.86'
+ implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.86'
+
+ //Fix CVE-2023-6378, CVE-2023-6481, CVE-2023-6378, CVE-2023-6481
+ implementation 'ch.qos.logback:logback-classic:1.2.13'
+ implementation 'ch.qos.logback:logback-core:1.2.13'
+
+ //Fix CVE-2023-40827, CVE-2023-40828, CVE-2023-40826
+ implementation 'org.springframework:spring-webmvc:5.3.32'
+ implementation 'org.springframework:spring-web:5.3.32'
+
+ // Fix CVE-2024-25710, CVE-2024-26308
+ implementation 'org.apache.commons:commons-compress:1.26.0'
+
+ //Fix CVE-2023-34050
+ implementation 'org.springframework.amqp:spring-amqp:2.4.17'
 implementation 'org.springframework.boot:spring-boot-starter-aop'
 implementation 'org.springframework.boot:spring-boot-starter-actuator'
From 3119b8d4c7d96ca9f301da0b8f459c439078fa31 Mon Sep 17 00:00:00 2001
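Review bot: In the `dependencies` hunk the CVE fixes are applied by declaring transitive libraries as direct `implementation` dependencies, and for Spring only `spring-web` and `spring-webmvc` are pinned (PATCH 2/3 moves the same two lines to 5.3.33), so the other Spring Framework modules presumably stay on whatever version the build otherwise resolves and the service can end up running mixed framework versions; pinning `spring-amqp` without `spring-rabbit` has the same shape. The file already overrides managed versions with `ext[...]` properties a few lines above, which suggests Spring's dependency management is in use; if that is confirmed, overriding the family version properties as sketched below moves all modules together and keeps the pins out of the direct dependency list. The comments also need a pass: the logback comment lists CVE-2023-6378 and CVE-2023-6481 twice, the ids on the Spring comment (CVE-2023-40826/40827/40828) should be verified against the Spring advisories because, as far as I can tell, they are filed against a different project, and the `//https://nvd.nist.gov/vuln/detail/CVE-2022-26520` comment above the postgresql bump does not say why 42.6.1 is now required. The `dependencies` block continues outside the hunk, so confirm with `gradle dependencyInsight` that the resolved versions are the intended ones.

```groovy
// … unchanged: log4j2, postgresql and snakeyaml overrides …
ext['tomcat.version'] = '9.0.86'
ext['logback.version'] = '1.2.13'
ext['spring-framework.version'] = '5.3.32'
ext['spring-amqp.version'] = '2.4.17'

dependencies {
    constraints {
        // presumably not covered by a version property here; constrain the transitive version instead
        implementation('org.apache.commons:commons-compress:1.26.0') {
            because 'CVE-2024-25710, CVE-2024-26308'
        }
    }
    // … unchanged: commons-lang3 and the spring-boot starters …
```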
From: Ivan_Kustau
Date: Tue, 9 Apr 2024 15:43:52 +0300
Subject: [PATCH 2/3] Update spring web version
---
 build.gradle | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index 375096d..0d2ccff 100644
--- a/build.gradle
+++ b/build.gradle
@@ -77,8 +77,8 @@ dependencies {
 implementation 'ch.qos.logback:logback-core:1.2.13'
 //Fix CVE-2023-40827, CVE-2023-40828, CVE-2023-40826
- implementation 'org.springframework:spring-webmvc:5.3.32'
- implementation 'org.springframework:spring-web:5.3.32'
+ implementation 'org.springframework:spring-webmvc:5.3.33'
+ implementation 'org.springframework:spring-web:5.3.33'
 // Fix CVE-2024-25710, CVE-2024-26308
 implementation 'org.apache.commons:commons-compress:1.26.0'
From 853a04cd5f399021bdb843e9deca966d9245f48f Mon Sep 17 00:00:00 2001
From: "reportportal.io"
Date: Thu, 18 Apr 2024 12:51:05 +0000
Subject: [PATCH 3/3] [Gradle Release Plugin] - new version commit: '5.11.2'.
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle.properties b/gradle.properties
index fbe8358..dd3706e 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,4 +1,4 @@
-version=5.11.1
+version=5.11.2
 description=EPAM Report portal. Service jobs
 dockerServerUrl=unix:///var/run/docker.sock
 dockerPrepareEnvironment=