Release eumw-2.2.9

.hgtags

@@ -81,3 +81,5 @@ eebce4e024fdcf705d1ea6baef62e86e3f2eb947 eumw-2.2.4
 ad72b05e4f74397acc3725e0000a5881c823d4f4 eumw-2.2.8-RC1
 c8da8c54dd21220a86db8c326a752bd0dacda6f0 eumw-2.2.8-RC2
 b1c4925d7f9bb7c9b7d5fa5d50e598f230453d2f eumw-2.2.8-RC3
+c2603c35086fb65f2c863e363d11627d25a6e90b eumw-2.2.8
+8b0576bda9ebd2490878dfc4d0199ab069fb8899 eumw-2.2.9-RC1

configuration-checker/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <artifactId>eumw</artifactId>
         <groupId>de.governikus.eumw</groupId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
 
     <artifactId>configuration-checker</artifactId>

configuration-wizard/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
     <artifactId>configuration-wizard</artifactId>
 

databasemigration/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <artifactId>eumw</artifactId>
         <groupId>de.governikus.eumw</groupId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
     <artifactId>database-migration</artifactId>
 

distribution/pom.xml

@@ -15,11 +15,11 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
 
     <artifactId>distribution</artifactId>
-    <version>2.2.8</version>
+    <version>2.2.9</version>
     <packaging>pom</packaging>
 
     <dependencies>

doc/source/chapter/Changelog.rst

@@ -187,3 +187,7 @@ Changelog
 * 2.2.8
 
     - eIDAS Middleware: Security patch.
+
+* 2.2.9
+
+    - eIDAS Middleware: Fix CVEs by updating affected libraries, most notably xmlsec.

doc/source/chapter/Configuration.rst

@@ -72,7 +72,7 @@ In case you are using your own environment, copy the JAR file to a folder of you
 
 You can start the application with the following command::
 
-    java -jar configuration-wizard-2.2.8.jar
+    java -jar configuration-wizard-2.2.9.jar
 
 In addition you can define the config folder with adding the parameter ``DconfigDirectory`` and its value to the
 command. This way the configuration wizard will be available at ``http://localhost:8080/config-wizard.``
@@ -102,7 +102,7 @@ to run the wizard again whenever you need it.
 To run the configuration wizard, execute the following command.
 It will mount the named volume in the container so that the configuration wizard can store the configuration in the volume. ::
 
-    docker run --rm -it -v eidas-configuration:/opt/eidas-middleware/configuration -p 8080:8080 --name eidas-configuration-wizard governikus/eidas-configuration-wizard:2.2.8
+    docker run --rm -it -v eidas-configuration:/opt/eidas-middleware/configuration -p 8080:8080 --name eidas-configuration-wizard governikus/eidas-configuration-wizard:2.2.9
 
 Running this command the configuration wizard will be available on http://localhost:8080/config-wizard.
 
@@ -116,7 +116,7 @@ with the alias ``localhost`` and the password ``123456`` for the keystore and th
 You can also use PKCS12 keystores,
 in this case you must change the value of ``SERVER_SSL_KEY_STORE_TYPE`` to ``PKCS12``. ::
 
-    docker run --rm -it -v eidas-configuration:/opt/eidas-middleware/configuration -v /home/user/keystore.jks:/opt/eidas-middleware/keystore.jks -p 443:8080 -e SERVER_SSL_KEY_STORE=file:/opt/eidas-middleware/keystore.jks -e SERVER_SSL_KEY_STORE_TYPE=JKS -e SERVER_SSL_KEY_STORE_PASSWORD=123456 -e SERVER_SSL_KEY_ALIAS=localhost -e SERVER_SSL_KEY_PASSWORD=123456 --name eidas-configuration-wizard governikus/eidas-configuration-wizard:2.2.8
+    docker run --rm -it -v eidas-configuration:/opt/eidas-middleware/configuration -v /home/user/keystore.jks:/opt/eidas-middleware/keystore.jks -p 443:8080 -e SERVER_SSL_KEY_STORE=file:/opt/eidas-middleware/keystore.jks -e SERVER_SSL_KEY_STORE_TYPE=JKS -e SERVER_SSL_KEY_STORE_PASSWORD=123456 -e SERVER_SSL_KEY_ALIAS=localhost -e SERVER_SSL_KEY_PASSWORD=123456 --name eidas-configuration-wizard governikus/eidas-configuration-wizard:2.2.9
 
 Because the application is now bound to the host in port 443,
 the configuration wizard is available at https://localhost/config-wizard.

doc/source/chapter/DemoApplication.rst

@@ -50,8 +50,8 @@ Using the eIDAS Demo Application
 To use the eIDAS Demo Application, start by running the eIDAS Demo Application.
 
 #. Change to the correct directory where the aforementioned configuration is present.
-#. If not present, copy the ``eidas-demo-2.2.8.jar`` file in this directory.
-#. Start the application by executing ``java -jar eidas-demo-2.2.8.jar``.
+#. If not present, copy the ``eidas-demo-2.2.9.jar`` file in this directory.
+#. Start the application by executing ``java -jar eidas-demo-2.2.9.jar``.
 
 Now you must configure your eIDAS Middleware to communicate with the eIDAS Demo Application.
 
@@ -80,7 +80,7 @@ If there was an error or the user aborted the authorization procedure, you would
 There is also the possibility to demonstrate the eIDAS Middleware handling various errors.
 Open the URL ``http://your.demo.host:8080/NewRequesterServlet``. The third part of the linklist sends
 ``LoA = Test`` with different error provocations. This test works without eID card and AusweisApp2. In this
-demonstration also the CVC check is conducted. The result is shown if the CVC check wasn’t successful. If the CVC
+demonstration also the CVC check is conducted. The result is shown if the CVC check wasn't successful. If the CVC
 check was successful the eIDAS Middleware is configured properly.
 
 Using the eIDAS Demo Application in Docker
@@ -93,7 +93,7 @@ Also bear in mind that you must use the path of the container file system in the
 
 To run the middleware, execute the following command after you have prepared the configuration, certificate and keystores::
 
-    docker run --rm -it -v /path/to/your/config-directory:/opt/eidas-middleware/config -p 8080:8080 governikus/eidas-demo-application:2.2.8
+    docker run --rm -it -v /path/to/your/config-directory:/opt/eidas-middleware/config -p 8080:8080 governikus/eidas-demo-application:2.2.9
 
 Now you can follow the steps above to configure and test the eIDAS Middleware.
 

doc/source/chapter/Operating.rst

@@ -106,14 +106,14 @@ To run the eIDAS Middleware, execute the following command.
 It will mount the named volumes containing the database and configuration in the container
 and the application will be available on port 8443. ::
 
-    docker run --rm -it -v eidas-configuration:/opt/eidas-middleware/configuration -v eidas-database:/opt/eidas-middleware/database -p 8443:8443 --name eidas-middleware-application governikus/eidas-middleware-application:2.2.8
+    docker run --rm -it -v eidas-configuration:/opt/eidas-middleware/configuration -v eidas-database:/opt/eidas-middleware/database -p 8443:8443 --name eidas-middleware-application governikus/eidas-middleware-application:2.2.9
 
 To stop and remove the container, just hit ``CTRL+C``.
 
 To keep the container running longer without being attached to the STDOUT and STDERR, change the command to
 the following::
 
-    docker run -d -v eidas-configuration:/opt/eidas-middleware/configuration -v eidas-database:/opt/eidas-middleware/database -p 8443:8443 --name eidas-middleware-application governikus/eidas-middleware-application:2.2.8
+    docker run -d -v eidas-configuration:/opt/eidas-middleware/configuration -v eidas-database:/opt/eidas-middleware/database -p 8443:8443 --name eidas-middleware-application governikus/eidas-middleware-application:2.2.9
 
 For more information on starting and stopping containers and viewing the logs,
 see the `Docker Docs <https://docs.docker.com/engine/reference/run/>`_.
@@ -177,7 +177,7 @@ Scalability
 The performance of the eIDAS Middleware improves by adding more memory (RAM) and using a faster CPU.
 In case the memory configuration has changed, the server needs to be restarted.
 To start the JVM with more memory, add ``-Xmx`` with the new maximum memory size to the start command,
-e.g. ``java -Xmx8g -jar eidas-middleware-2.2.8.jar`` for 8 GB.
+e.g. ``java -Xmx8g -jar eidas-middleware-2.2.9.jar`` for 8 GB.
 
 
 Request Signer Certificate
@@ -269,7 +269,7 @@ Optional property for ``TRAP`` is ``poseidas.snmp.managementport`` (port 162 is
 set).
 
 All existing SNMP GET values are explained in detail in the MIB located at
-``https://github.com/Governikus/eidas-middleware/blob/2.2.8/poseidas/snmp/EIDASMW-SNMP-MIB.mib``.
+``https://github.com/Governikus/eidas-middleware/blob/2.2.9/poseidas/snmp/EIDASMW-SNMP-MIB.mib``.
 
 Global GET
 ''''''''''
@@ -369,6 +369,6 @@ Stop the eIDAS Middleware Application and copy the database file to your backup
 e.g. ``cp /opt/eidas-middleware/database/eidasmw.mv.db /path/to/your/backup-location/eidasmw.mv.db``.
 
 To perform the migration, copy the database migration JAR file to the directory where your
-configuration file is available and execute the command ``java -jar database-migration-2.2.8.jar``.
+configuration file is available and execute the command ``java -jar database-migration-2.2.9.jar``.
 If there are errors in the log output, please send the complete log output and some information on your environment to
 eidas-middleware@governikus.com.

doc/source/conf.py

@@ -55,9 +55,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = '2.2.8'
+version = '2.2.9'
 # The full version, including alpha/beta/rc tags.
-release = '2.2.8'
+release = '2.2.9'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

dvca-connection-configurator/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
     <artifactId>dvca-connection-configurator</artifactId>
     <name>dvca-connection-configurator</name>

eidas-base-container/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <artifactId>eumw</artifactId>
         <groupId>de.governikus.eumw</groupId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
 
     <artifactId>eidas-base-container</artifactId>

eidas-base-container/src/main/docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM azul/zulu-openjdk-alpine:8u332
+FROM azul/zulu-openjdk-alpine:8u362
 
 MAINTAINER Benny Prange <benny.prange@governikus.de>
 

eidas-common/pom.xml

@@ -14,7 +14,7 @@
 	<parent>
 		<groupId>de.governikus.eumw</groupId>
 		<artifactId>eumw</artifactId>
-		<version>2.2.8</version>
+		<version>2.2.9</version>
 	</parent>
 	<artifactId>eidas-common</artifactId>
 

eidas-demo/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
     <artifactId>eidas-demo</artifactId>
 

eidas-middleware/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
     <artifactId>eidas-middleware</artifactId>
 

eidas-starterkit/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
     <artifactId>eidas-starterkit</artifactId>
 

password-generator/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
     <artifactId>password-generator</artifactId>
 

pom.xml

@@ -14,7 +14,7 @@
 
     <groupId>de.governikus.eumw</groupId>
     <artifactId>eumw</artifactId>
-    <version>2.2.8</version>
+    <version>2.2.9</version>
     <packaging>pom</packaging>
 
     <name>EU Middleware</name>
@@ -37,7 +37,7 @@
     <scm>
         <url>https://hg.govkg.de/Autent/eumw</url>
         <connection>scm:hg:https://hg.govkg.de/Autent/eumw</connection>
-        <tag>eumw-2.2.8</tag>
+        <tag>eumw-2.2.9</tag>
     </scm>
 
     <developers>
@@ -86,7 +86,7 @@
         <!-- 2.0.0 exists but is for OpenSAML 4 only -->
         <version.opensaml-security-ext>1.0.8</version.opensaml-security-ext>
         <version.opensaml>3.4.6</version.opensaml>
-        <version.xmlsec>2.3.1</version.xmlsec>
+        <version.xmlsec>2.3.4</version.xmlsec>
 
         <version.cxf>3.4.7</version.cxf>
         <version.springboot>2.6.9</version.springboot>
@@ -112,6 +112,8 @@
         <version.groovy>3.0.11</version.groovy>
         <!-- 3.x.x available but not executable with Java 8 -->
         <version.snmp4j>2.7.4</version.snmp4j>
+        <!-- manage for CVE -->
+        <version.tomcat>9.0.82</version.tomcat>
 
         <!-- IDE helper -->
         <version.lombok>1.18.24</version.lombok>
@@ -799,6 +801,23 @@
                 <version>${version.joda-time}</version>
             </dependency>
 
+            <!-- manage tomcat for CVE -->
+            <dependency>
+                <groupId>org.apache.tomcat.embed</groupId>
+                <artifactId>tomcat-embed-core</artifactId>
+                <version>${version.tomcat}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.tomcat.embed</groupId>
+                <artifactId>tomcat-embed-el</artifactId>
+                <version>${version.tomcat}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.tomcat.embed</groupId>
+                <artifactId>tomcat-embed-websocket</artifactId>
+                <version>${version.tomcat}</version>
+            </dependency>
+
             <!-- test dependencies -->
             <dependency>
                 <groupId>org.slf4j</groupId>

poseidas-configuration/pom.xml

@@ -13,7 +13,7 @@
     <parent>
         <artifactId>eumw</artifactId>
         <groupId>de.governikus.eumw</groupId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

poseidas/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
     <artifactId>poseidas</artifactId>
 

utils/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.2.8</version>
+        <version>2.2.9</version>
     </parent>
     <artifactId>utils</artifactId>