[RDCC-6234] -Fix for CVE-2023-24998 (#502)

manukundloo-hmcts · web-flow · commit d0b1107caefc · 2023-03-06T12:52:40.000Z
diff --git a/build.gradle b/build.gradle
@@ -35,7 +35,7 @@ def versions = [
         jackson            : '2.14.0-rc1',
         launchDarklySdk    : '5.10.2',
         pact_version       : '4.1.7',
-        log4j              : '2.17.1',
+        log4j              : '2.18.0',
         springVersion      : '5.3.20',
         logback            : '1.2.11',
         bytebuddy          : '1.12.7',
@@ -462,6 +462,11 @@ dependencyManagement {
             entry 'spring-cloud-starter-openfeign'
             entry 'spring-cloud-openfeign-core'
         }
+
+        //CVE-2023-24998
+        dependencySet(group: 'commons-fileupload', version: '1.5') {
+            entry 'commons-fileupload'
+        }
     }
 }
 
diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
@@ -10,8 +10,4 @@
         <cve>CVE-2022-45688</cve>
     </suppress>
 
-    <suppress>
-        <notes>commons-fileupload</notes>
-        <cve>CVE-2023-24998</cve>
-    </suppress>
 </suppressions>

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ def versions = [`
`35`	`35`	`jackson : '2.14.0-rc1',`
`36`	`36`	`launchDarklySdk : '5.10.2',`
`37`	`37`	`pact_version : '4.1.7',`
`38`		`- log4j : '2.17.1',`
	`38`	`+ log4j : '2.18.0',`
`39`	`39`	`springVersion : '5.3.20',`
`40`	`40`	`logback : '1.2.11',`
`41`	`41`	`bytebuddy : '1.12.7',`
`@@ -462,6 +462,11 @@ dependencyManagement {`
`462`	`462`	`entry 'spring-cloud-starter-openfeign'`
`463`	`463`	`entry 'spring-cloud-openfeign-core'`
`464`	`464`	`}`
	`465`	`+`
	`466`	`+ //CVE-2023-24998`
	`467`	`+ dependencySet(group: 'commons-fileupload', version: '1.5') {`
	`468`	`+ entry 'commons-fileupload'`
	`469`	`+ }`
`465`	`470`	`}`
`466`	`471`	`}`
`467`	`472`