From aaacb487f67d4a27fa1fd27c521f164e8372f316 Mon Sep 17 00:00:00 2001 From: dvasunin Date: Sun, 26 Nov 2023 20:27:00 +0200 Subject: [PATCH 1/6] update for bcprov-jdk18on to resolve CVE-2023-33202 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 9b1f2847..398e1549 100644 --- a/pom.xml +++ b/pom.xml @@ -93,6 +93,11 @@ bcpkix-jdk15on 1.70 + + org.bouncycastle + bcprov-jdk18on + 1.77 + com.google.protobuf protobuf-javalite From b6a3e1ac120c111cbfbd44d4bb61b7bb742efdee Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Mon, 27 Nov 2023 09:12:22 +0530 Subject: [PATCH 2/6] bump version --- charts/sdfactory/Chart.yaml | 2 +- charts/sdfactory/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/sdfactory/Chart.yaml b/charts/sdfactory/Chart.yaml index 6b14d8eb..9741dbe5 100644 --- a/charts/sdfactory/Chart.yaml +++ b/charts/sdfactory/Chart.yaml @@ -38,7 +38,7 @@ sources: # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "2.1.9" +version: "2.2.0" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/sdfactory/README.md b/charts/sdfactory/README.md index c6ac285a..d2541578 100644 --- a/charts/sdfactory/README.md +++ b/charts/sdfactory/README.md 
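Review bot: The added `bcprov-jdk18on` 1.77 entry in the pom.xml hunk leaves the `bcpkix-jdk15on` 1.70 dependency directly above it unchanged, and the DEPENDENCIES hunk in PATCH 3/6 still carries `bcprov-jdk15on/1.70`, `bcpkix-jdk15on/1.70` and `bcutil-jdk15on/1.70` as context lines, so the build appears to keep the older jdk15on jars alongside the new one. Both artifact families ship the same `org.bouncycastle.*` packages, so which classes load at runtime depends on classpath order, and the 1.70 jars are likely still within the affected range of the CVE named in the commit subject. The jdk15on line was not continued past 1.70, so the durable fix is to move the existing entry to `bcpkix-jdk18on` at the same version as `bcprov-jdk18on` and confirm with `mvn dependency:tree` that no jdk15on artifact remains. A short XML comment on the new entry, saying it pins a previously transitive dependency (1.71 in the old DEPENDENCIES line) for CVE-2023-33202, would keep a later cleanup from removing it. The enclosing dependency list starts and ends outside the hunk and the XML tags are lost in this rendering, so whether the entry sits under `dependencies` or `dependencyManagement` cannot be seen here.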
@@ -1,6 +1,6 @@ # sdfactory -![Version: 2.1.9](https://img.shields.io/badge/Version-2.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.8](https://img.shields.io/badge/AppVersion-2.1.8-informational?style=flat-square) +![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.8](https://img.shields.io/badge/AppVersion-2.1.8-informational?style=flat-square) Helm Charts for SD Factory application. Self-Description Factory component is responsible for the creation of Self Descriptions. From a3b0251611c843b04251414a9667d04a7e4d3d1b Mon Sep 17 00:00:00 2001 From: dvasunin Date: Mon, 27 Nov 2023 09:18:01 +0200 Subject: [PATCH 3/6] update for DEPENDENCIES --- DEPENDENCIES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 27a15567..44823f1b 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -59,7 +59,7 @@ maven/mavencentral/org.aspectj/aspectjweaver/1.9.20, EPL-1.0, approved, tools.as maven/mavencentral/org.bitcoinj/bitcoinj-core/0.16.1, Apache-2.0, approved, clearlydefined maven/mavencentral/org.bouncycastle/bcpkix-jdk15on/1.70, MIT, approved, clearlydefined maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.70, MIT, approved, #1712 -maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.71, MIT, approved, #3475 +maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.77, MIT AND CC0-1.0, approved, #11595 maven/mavencentral/org.bouncycastle/bcutil-jdk15on/1.70, MIT, approved, clearlydefined maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined maven/mavencentral/org.glassfish/jakarta.json/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp From ac5ecfd7558fcff5130dbd978ef2a0e513f3fb8f Mon Sep 17 00:00:00 2001 
From: adkumar1 Date: Mon, 27 Nov 2023 14:17:33 +0530 Subject: [PATCH 4/6] updating the versin no. --- CHANGELOG.md | 10 ++++++++++ README.md | 2 +- charts/sdfactory/Chart.yaml | 2 +- charts/sdfactory/README.md | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a8ab170c..e7b35332 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,9 +5,19 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [Unreleased] + - Trivy security fix for bouncycastle + +## [2.1.9] - 2023-11-24 + +### Changed - Updated base image - Updated workflow for helm lint - helm upgrade workflow fix + +## [2.1.8] - 2023-10-17 + +### Changed + - Refactoring SD Factory ## [2.1.7] - 2023-10-05 diff --git a/README.md b/README.md index e0c4c86c..b46267ae 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ further processing. ```shell Software version: 2.1.8 -Helm Chart version: 2.1.9 +Helm Chart version: 2.1.10 ``` diff --git a/charts/sdfactory/Chart.yaml b/charts/sdfactory/Chart.yaml index 9741dbe5..381ac02c 100644 --- a/charts/sdfactory/Chart.yaml +++ b/charts/sdfactory/Chart.yaml @@ -38,7 +38,7 @@ sources: # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "2.2.0" +version: "2.1.10" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/sdfactory/README.md b/charts/sdfactory/README.md index d2541578..ef60e47e 100644 --- a/charts/sdfactory/README.md +++ b/charts/sdfactory/README.md 
@@ -1,6 +1,6 @@ # sdfactory -![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.8](https://img.shields.io/badge/AppVersion-2.1.8-informational?style=flat-square) +![Version: 2.1.10](https://img.shields.io/badge/Version-2.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.8](https://img.shields.io/badge/AppVersion-2.1.8-informational?style=flat-square) Helm Charts for SD Factory application. Self-Description Factory component is responsible for the creation of Self Descriptions. From 1b6219e34068de720aba7121f9b66868c7acf2dd Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Mon, 27 Nov 2023 14:55:16 +0530 Subject: [PATCH 5/6] updated version in changelog --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7b35332..328dcc7d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,11 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [Unreleased] - - Trivy security fix for bouncycastle -## [2.1.9] - 2023-11-24 + +## [2.1.8] - 2023-11-27 ### Changed +- Security fix for bouncycastle which can have DoS issue - Updated base image - Updated workflow for helm lint - helm upgrade workflow fix From 727b3a9704808f1b66c99df9e2a1c1698b30c367 Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Mon, 27 Nov 2023 14:56:08 +0530 Subject: [PATCH 6/6] updated changelog --- CHANGELOG.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 328dcc7d..14a4ba54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -14,11 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Updated base image - Updated workflow for helm lint - helm upgrade workflow fix - -## [2.1.8] - 2023-10-17 - -### Changed - - Refactoring SD Factory +- Refactoring SD Factory ## [2.1.7] - 2023-10-05