- Update Spring Boot version
- Update dependency check version
- Exclude irrelevant Node.js CVE
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
Detail
------
Add a dependency check plugin to find reported issues with dependencies
we use.
From adding this, there were quite a few false positives which are
documented in airsonic-main/cve-suppressed.xml. The applicable
vulnerabilities are as follows:
```
commons-fileupload-1.2.jar (commons-fileupload:commons-fileupload:1.2,
cpe:/a:apache:commons_fileupload:1.2) : CVE-2016-3092, CVE-2016-1000031,
CVE-2014-0050, CVE-2013-0248
castor-core-1.3.1.jar (cpe:/a:castor:castor:1.3.1,
cpe:/a:castor_project:castor:1.3.1,
org.codehaus.castor:castor-core:1.3.1) : CVE-2014-3004
tomcat-embed-core-8.5.16.jar (cpe:/a:apache_software_foundation:tomcat:8.5.16, cpe:/a:apache:tomcat:8.5.16, cpe:/a:apache_tomcat:apache_tomcat:8.5.16, org.apache.tomcat.embed:tomcat-embed-core:8.5.16) : CVE-2017-12617
```
CVE-2016-1000031 is rated as CRITICAL, but we do not deserialize content
from any multipart uploads, so it doesn't apply.
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
- Added enforcer plugin
- Fix some version conflicts
- Moved custom initializer to spring.factories
- Bump Spring Boot version
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
The tag for the Docker image is set from the project version.
To build the Docker image for the project, run:
- mvn package
- mvn -N dockerfile:build
The created Docker image can be uploaded to Docker Hub:
- mvn -N dockerfile:push
Signed-off-by: Yahor Berdnikau <egorr.berd@gmail.com>
- Fixed tomcat deployment
- Removed web.xml
- Migrated to servlet api 3
- Added back in logging error resolver
- Fixed error jsp page not working
- Fixed login path when deployed to tomcat
- Cleanup custom liquibase precondition class
- Made the hsql index check more robust
Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>