From 7fc2d0e01d1a06ba2a6e794a9268d16f7aa9b379 Mon Sep 17 00:00:00 2001 From: Dilip Dhankecha Date: Tue, 12 Nov 2024 16:07:08 +0530 Subject: [PATCH 1/4] fix(MissingOutputStage): Handle upsert output stage based on the sharing state id --- .../tractusx/bpdm/gate/service/BusinessPartnerService.kt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bpdm-gate/src/main/kotlin/org/eclipse/tractusx/bpdm/gate/service/BusinessPartnerService.kt b/bpdm-gate/src/main/kotlin/org/eclipse/tractusx/bpdm/gate/service/BusinessPartnerService.kt index ac5ac5a61..3a13c2aba 100644 --- a/bpdm-gate/src/main/kotlin/org/eclipse/tractusx/bpdm/gate/service/BusinessPartnerService.kt +++ b/bpdm-gate/src/main/kotlin/org/eclipse/tractusx/bpdm/gate/service/BusinessPartnerService.kt @@ -97,10 +97,10 @@ class BusinessPartnerService( logger.debug { "Executing upsertBusinessPartnersOutput() with parameters $requests" } val existingOutputs = businessPartnerRepository.findBySharingStateInAndStage(requests.map { it.sharingState }, StageType.Output) - val existingOutputsByExternalId = existingOutputs.associateBy { it.sharingState.externalId } + val existingOutputsBySharingStateId = existingOutputs.associateBy { it.sharingState.id } val updatedEntities = requests.map { request -> - val existingOutput = existingOutputsByExternalId[request.sharingState.externalId] + val existingOutput = existingOutputsBySharingStateId[request.sharingState.id] val updatedData = outputUpsertMappings.toEntity(request.upsertData, request.sharingState) upsertFromEntity(existingOutput, updatedData) From 2068956042e8cd5c2eb8dcc1b7ac348f2f280919 Mon Sep 17 00:00:00 2001 From: Nico Koprowski Date: Tue, 19 Nov 2024 11:56:24 +0800 Subject: [PATCH 2/4] build(deps): increase netty-common version - fixes denial of service vulnerability --- CHANGELOG.md | 1 + DEPENDENCIES | 12 ++++++------ pom.xml | 6 ++++++ 3 files changed, 13 insertions(+), 6 deletions(-) 
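Review bot: The new lookup map in BusinessPartnerService.kt is built with `associateBy { it.sharingState.id }`, which keeps only the last entity per key, so if findBySharingStateInAndStage() ever returns more than one Output-stage row for a sharing state, the others are dropped silently and only one is updated. Whether a uniqueness constraint rules that out is not visible in this hunk; if none does, `groupBy { it.sharingState.id }` plus a log or rejection for any group larger than one would surface the inconsistency. The key change is also unexplained in the code, and a line above the map such as `// Keyed by sharing state id; external ids are presumably not unique across sharing states` would record the reason. The patch touches only this file, so a regression test with two sharing states that carry the same external id would pin the fix. The enclosing function (upsertBusinessPartnersOutput(), judging by the log message) starts and ends outside the hunk.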
diff --git a/CHANGELOG.md b/CHANGELOG.md index 1827a256d..c92bfce13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -39,6 +39,7 @@ For changes to the BPDM Helm charts please consult the [changelog](charts/bpdm/C - BPDM Pool: When processing golden record tasks the Pool now ignores isCatenaXMemberData field if it is set to null. ([#1069](https://github.com/eclipse-tractusx/bpdm/issues/1069)) - BPDM Gate: Fixed gate output logic to provide states based on business partner type. ([#1097](https://github.com/eclipse-tractusx/bpdm/pull/1097)) - BPDM Cleaning Service Dummy: Removed assignment of uncategorized identifier while performing cleaning task process. ([#1098](https://github.com/eclipse-tractusx/bpdm/pull/1098)) +- BPDM: Fix denial of service attack vulnerability CVE-2024-47535 ([#1112](https://github.com/eclipse-tractusx/bpdm/issues/1112)) ## [6.1.0] - [2024-07-15] diff --git a/DEPENDENCIES b/DEPENDENCIES index 1054214d7..84b9add9c 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -60,7 +60,7 @@ maven/mavencentral/io.netty/netty-codec-http/4.1.114.Final, Apache-2.0 AND BSD-3 maven/mavencentral/io.netty/netty-codec-http2/4.1.114.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-socks/4.1.114.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec/4.1.114.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-common/4.1.114.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 +maven/mavencentral/io.netty/netty-common/4.1.115.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 maven/mavencentral/io.netty/netty-handler-proxy/4.1.114.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-handler/4.1.114.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.114.Final, Apache-2.0, approved, #6367 
@@ -229,11 +229,11 @@ maven/mavencentral/org.springframework/spring-tx/6.1.14, Apache-2.0, approved, # maven/mavencentral/org.springframework/spring-web/6.1.14, Apache-2.0, approved, #15188 maven/mavencentral/org.springframework/spring-webflux/6.1.14, Apache-2.0, approved, #12593 maven/mavencentral/org.springframework/spring-webmvc/6.1.14, Apache-2.0, approved, #15182 -maven/mavencentral/org.testcontainers/database-commons/1.20.2, Apache-2.0, approved, #16630 -maven/mavencentral/org.testcontainers/jdbc/1.20.2, Apache-2.0, approved, #16621 -maven/mavencentral/org.testcontainers/junit-jupiter/1.20.2, MIT, approved, #16552 -maven/mavencentral/org.testcontainers/postgresql/1.20.2, MIT, approved, #16627 -maven/mavencentral/org.testcontainers/testcontainers/1.20.2, MIT, approved, #15747 +maven/mavencentral/org.testcontainers/database-commons/1.20.3, Apache-2.0, approved, #16630 +maven/mavencentral/org.testcontainers/jdbc/1.20.3, Apache-2.0, approved, #16621 +maven/mavencentral/org.testcontainers/junit-jupiter/1.20.3, MIT, approved, #16552 +maven/mavencentral/org.testcontainers/postgresql/1.20.3, MIT, approved, #16627 +maven/mavencentral/org.testcontainers/testcontainers/1.20.3, MIT, approved, #15747 maven/mavencentral/org.webjars/swagger-ui/5.17.14, Apache-2.0 AND MIT, approved, #15701 maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272 maven/mavencentral/org.yaml/snakeyaml/2.2, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #10232 diff --git a/pom.xml b/pom.xml index fb4b3f9f5..d57407495 100644 --- a/pom.xml +++ b/pom.xml @@ -162,6 +162,12 @@ opencsv ${opencsv.version} + + + io.netty + netty-common + 4.1.115.Final + From 99dbd766574edb00b358752e34e356289f60f788 Mon Sep 17 00:00:00 2001 
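Review bot: The pom.xml hunk raises only `netty-common` to 4.1.115.Final, while the DEPENDENCIES file in this same patch still lists netty-codec, netty-codec-http, netty-codec-http2, netty-handler and the other Netty modules at 4.1.114.Final, so the build resolves a mixed set of Netty versions. Netty modules are released and tested together, so it is safer to align them all, either by importing `io.netty:netty-bom` at 4.1.115.Final or, if the build inherits Spring Boot's dependency management, by overriding its `netty.version` property. The version is also a hard-coded literal with no comment, so a later maintainer cannot tell why the pin exists or when it can go. A comment next to it such as `<!-- Override for CVE-2024-47535; remove once the managed Netty version is >= 4.1.115.Final -->` would cover that. The XML tags of this hunk are lost in the rendering, so whether the entry sits under dependencyManagement cannot be confirmed from here.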
From: Nico Koprowski Date: Tue, 12 Nov 2024 17:16:54 +0800 Subject: [PATCH 3/4] fix(Pool): retrieving legacy legal form data --- CHANGELOG.md | 3 ++- .../org/eclipse/tractusx/bpdm/pool/entity/LegalFormDb.kt | 2 +- .../V6_2_0_4__make_legal_form_active_not_nullable.sql | 6 ++++++ 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 bpdm-pool/src/main/resources/db/migration/V6_2_0_4__make_legal_form_active_not_nullable.sql diff --git a/CHANGELOG.md b/CHANGELOG.md index c92bfce13..f27aa5c7d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -38,7 +38,8 @@ For changes to the BPDM Helm charts please consult the [changelog](charts/bpdm/C - BPDM Gate: Fixed construction logic for states and identifiers by enabling business partner type ([#1067](https://github.com/eclipse-tractusx/bpdm/pull/1067)) - BPDM Pool: When processing golden record tasks the Pool now ignores isCatenaXMemberData field if it is set to null. ([#1069](https://github.com/eclipse-tractusx/bpdm/issues/1069)) - BPDM Gate: Fixed gate output logic to provide states based on business partner type. ([#1097](https://github.com/eclipse-tractusx/bpdm/pull/1097)) -- BPDM Cleaning Service Dummy: Removed assignment of uncategorized identifier while performing cleaning task process. ([#1098](https://github.com/eclipse-tractusx/bpdm/pull/1098)) +- BPDM Cleaning Service Dummy: Removed assignment of uncategorized identifier while performing cleaning task process. ([#1098](https://github.com/eclipse-tractusx/bpdm/pull/1098)) +- BPDM Pool: Fix error querying legal forms when non-gleif legacy legal forms are present in the database ([#1107](https://github.com/eclipse-tractusx/bpdm/issues/1107)) - BPDM: Fix denial of service attack vulnerability CVE-2024-47535 ([#1112](https://github.com/eclipse-tractusx/bpdm/issues/1112)) ## [6.1.0] - [2024-07-15] 
diff --git a/bpdm-pool/src/main/kotlin/org/eclipse/tractusx/bpdm/pool/entity/LegalFormDb.kt b/bpdm-pool/src/main/kotlin/org/eclipse/tractusx/bpdm/pool/entity/LegalFormDb.kt index aaf463754..d320efe43 100644 --- a/bpdm-pool/src/main/kotlin/org/eclipse/tractusx/bpdm/pool/entity/LegalFormDb.kt +++ b/bpdm-pool/src/main/kotlin/org/eclipse/tractusx/bpdm/pool/entity/LegalFormDb.kt @@ -54,7 +54,7 @@ class LegalFormDb( @JoinColumn(name = "region_id") val administrativeArea: RegionDb?, - @Column(name = "is_active") + @Column(name = "is_active", nullable = false) val isActive: Boolean ) : BaseEntity() diff --git a/bpdm-pool/src/main/resources/db/migration/V6_2_0_4__make_legal_form_active_not_nullable.sql b/bpdm-pool/src/main/resources/db/migration/V6_2_0_4__make_legal_form_active_not_nullable.sql new file mode 100644 index 000000000..bfc0e8243 --- /dev/null +++ b/bpdm-pool/src/main/resources/db/migration/V6_2_0_4__make_legal_form_active_not_nullable.sql @@ -0,0 +1,6 @@ +UPDATE legal_forms +SET is_active = false +WHERE is_active IS NULL; + +ALTER TABLE legal_forms +ALTER COLUMN is_active SET NOT NULL; \ No newline at end of file From 12fc5fc7e7bfdb13136f4748dbc4b960c627b083 Mon Sep 17 00:00:00 2001 From: Nico Koprowski Date: Tue, 19 Nov 2024 12:49:15 +0800 Subject: [PATCH 4/4] build(release candidate): 6.2.0-rc4 --- charts/bpdm/Chart.yaml | 12 ++++++------ .../charts/bpdm-cleaning-service-dummy/Chart.yaml | 4 ++-- charts/bpdm/charts/bpdm-gate/Chart.yaml | 4 ++-- charts/bpdm/charts/bpdm-orchestrator/Chart.yaml | 4 ++-- charts/bpdm/charts/bpdm-pool/Chart.yaml | 4 ++-- pom.xml | 2 +- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/charts/bpdm/Chart.yaml b/charts/bpdm/Chart.yaml index dab1bf01d..eddaeef99 100644 --- a/charts/bpdm/Chart.yaml +++ b/charts/bpdm/Chart.yaml 
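Review bot: The backfill in V6_2_0_4__make_legal_form_active_not_nullable.sql rewrites every NULL `is_active` to `false`, which marks those legal forms as inactive, and the file has no comment saying this is the intended value for the legacy rows. A header line such as `-- Legacy non-GLEIF legal forms had no is_active value; treat them as inactive before enforcing NOT NULL` would record the decision for whoever audits the data later. The column also gets no default, so any writer that omits `is_active` will fail on insert once the constraint is in place. If such writers exist (seed scripts, or an older service version during a rolling upgrade), adding `ALTER TABLE legal_forms ALTER COLUMN is_active SET DEFAULT false;` before the NOT NULL step would cover them. The file also ends without a trailing newline.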
@@ -22,8 +22,8 @@ apiVersion: v2 name: bpdm type: application description: A Helm chart for Kubernetes that deploys the BPDM applications -version: 5.2.0-SNAPSHOT -appVersion: "6.2.0-SNAPSHOT" +version: 5.2.0-rc4 +appVersion: "6.2.0-rc4" home: https://github.com/eclipse-tractusx/bpdm sources: - https://github.com/eclipse-tractusx/bpdm @@ -33,19 +33,19 @@ maintainers: dependencies: - name: bpdm-gate - version: 6.2.0-SNAPSHOT + version: 6.2.0-rc4 alias: bpdm-gate condition: bpdm-gate.enabled - name: bpdm-pool - version: 7.2.0-SNAPSHOT + version: 7.2.0-rc4 alias: bpdm-pool condition: bpdm-pool.enabled - name: bpdm-cleaning-service-dummy - version: 3.2.0-SNAPSHOT + version: 3.2.0-rc4 alias: bpdm-cleaning-service-dummy condition: bpdm-cleaning-service-dummy.enabled - name: bpdm-orchestrator - version: 3.2.0-SNAPSHOT + version: 3.2.0-rc4 alias: bpdm-orchestrator condition: bpdm-orchestrator.enabled - name: bpdm-common diff --git a/charts/bpdm/charts/bpdm-cleaning-service-dummy/Chart.yaml b/charts/bpdm/charts/bpdm-cleaning-service-dummy/Chart.yaml index d00ba861b..8b87e8de6 100644 --- a/charts/bpdm/charts/bpdm-cleaning-service-dummy/Chart.yaml +++ b/charts/bpdm/charts/bpdm-cleaning-service-dummy/Chart.yaml @@ -21,8 +21,8 @@ apiVersion: v2 type: application name: bpdm-cleaning-service-dummy -appVersion: "6.2.0-SNAPSHOT" -version: 3.2.0-SNAPSHOT +appVersion: "6.2.0-rc4" +version: 3.2.0-rc4 description: A Helm chart for deploying the BPDM cleaning service home: https://eclipse-tractusx.github.io/docs/kits/Business%20Partner%20Kit/Adoption%20View sources: diff --git a/charts/bpdm/charts/bpdm-gate/Chart.yaml b/charts/bpdm/charts/bpdm-gate/Chart.yaml index ebfdde5ea..42d1a38ff 100644 --- a/charts/bpdm/charts/bpdm-gate/Chart.yaml +++ b/charts/bpdm/charts/bpdm-gate/Chart.yaml 
@@ -21,8 +21,8 @@ apiVersion: v2 type: application name: bpdm-gate -appVersion: "6.2.0-SNAPSHOT" -version: 6.2.0-SNAPSHOT +appVersion: "6.2.0-rc4" +version: 6.2.0-rc4 description: A Helm chart for deploying the BPDM gate service home: https://eclipse-tractusx.github.io/docs/kits/Business%20Partner%20Kit/Adoption%20View sources: diff --git a/charts/bpdm/charts/bpdm-orchestrator/Chart.yaml b/charts/bpdm/charts/bpdm-orchestrator/Chart.yaml index 36c6a9907..ca0ef584e 100644 --- a/charts/bpdm/charts/bpdm-orchestrator/Chart.yaml +++ b/charts/bpdm/charts/bpdm-orchestrator/Chart.yaml @@ -21,8 +21,8 @@ apiVersion: v2 type: application name: bpdm-orchestrator -appVersion: "6.2.0-SNAPSHOT" -version: 3.2.0-SNAPSHOT +appVersion: "6.2.0-rc4" +version: 3.2.0-rc4 description: A Helm chart for deploying the BPDM Orchestrator service home: https://eclipse-tractusx.github.io/docs/kits/Business%20Partner%20Kit/Adoption%20View sources: diff --git a/charts/bpdm/charts/bpdm-pool/Chart.yaml b/charts/bpdm/charts/bpdm-pool/Chart.yaml index 960bb5c60..6a2b05d27 100644 --- a/charts/bpdm/charts/bpdm-pool/Chart.yaml +++ b/charts/bpdm/charts/bpdm-pool/Chart.yaml @@ -21,8 +21,8 @@ apiVersion: v2 type: application name: bpdm-pool -appVersion: "6.2.0-SNAPSHOT" -version: 7.2.0-SNAPSHOT +appVersion: "6.2.0-rc4" +version: 7.2.0-rc4 description: A Helm chart for deploying the BPDM pool service home: https://eclipse-tractusx.github.io/docs/kits/Business%20Partner%20Kit/Adoption%20View sources: diff --git a/pom.xml b/pom.xml index d57407495..6e4256694 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ - 6.2.0-SNAPSHOT + 6.2.0-rc4 21 21 21