From 7097365f941c72095a1f9fc288d8e202658626f2 Mon Sep 17 00:00:00 2001 From: Holger Friedrich Date: Sat, 30 Mar 2024 07:32:17 +0100 Subject: [PATCH] Upgrade Karaf from 4.4.5 to 4.4.6 * Sync runtime dependencies with Karaf 4.4.6, most notably: * Jetty 9.4.54.v20240208, addresses CVE-2024-22201 * Pax Logging 2.2.7 * Pax Web 8.0.27 * ASM 9.7 Signed-off-by: Holger Friedrich --- .../openhab/src/main/resources/bin/karaf | 4 +- .../openhab/src/main/resources/bin/karaf.bat | 4 +- launch/app/app.bndrun | 50 +++++++++---------- pom.xml | 2 +- 4 files changed, 30 insertions(+), 30 deletions(-) diff --git a/distributions/openhab/src/main/resources/bin/karaf b/distributions/openhab/src/main/resources/bin/karaf index bc3a799280..34fe1aba7f 100755 --- a/distributions/openhab/src/main/resources/bin/karaf +++ b/distributions/openhab/src/main/resources/bin/karaf @@ -306,8 +306,8 @@ run() { ${KARAF_EXEC} "${JAVA}" ${JAVA_OPTS} \ --add-reads=java.xml=java.logging \ --add-exports=java.base/org.apache.karaf.specs.locator=java.xml,ALL-UNNAMED \ - --patch-module java.base="${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.locator-4.4.5.jar" \ - --patch-module java.xml="${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.java.xml-4.4.5.jar" \ + --patch-module java.base="${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.locator-4.4.6.jar" \ + --patch-module java.xml="${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.java.xml-4.4.6.jar" \ --add-opens java.base/java.security=ALL-UNNAMED \ --add-opens java.base/java.net=ALL-UNNAMED \ --add-opens java.base/java.lang=ALL-UNNAMED \ diff --git a/distributions/openhab/src/main/resources/bin/karaf.bat b/distributions/openhab/src/main/resources/bin/karaf.bat index f9ccdc6f28..349db43a6c 100644 --- a/distributions/openhab/src/main/resources/bin/karaf.bat +++ b/distributions/openhab/src/main/resources/bin/karaf.bat @@ -414,8 +414,8 @@ if "%KARAF_PROFILER%" == "" goto :RUN "%JAVA%" %JAVA_OPTS% %OPTS% ^ --add-reads=java.xml=java.logging ^ --add-exports=java.base/org.apache.karaf.specs.locator=java.xml,ALL-UNNAMED ^ - --patch-module java.base="%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.locator-4.4.5.jar" ^ - --patch-module java.xml="%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.java.xml-4.4.5.jar" ^ + --patch-module java.base="%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.locator-4.4.6.jar" ^ + --patch-module java.xml="%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.java.xml-4.4.6.jar" ^ --add-opens java.base/java.security=ALL-UNNAMED ^ --add-opens java.base/java.net=ALL-UNNAMED ^ --add-opens java.base/java.lang=ALL-UNNAMED ^ diff --git a/launch/app/app.bndrun b/launch/app/app.bndrun index 54b3acf59e..206cc8aa7f 100644 --- a/launch/app/app.bndrun +++ b/launch/app/app.bndrun @@ -123,8 +123,8 @@ feature.openhab-model-runtime-all: \ # done # -runbundles: \ - org.ops4j.pax.logging.pax-logging-api;version='[2.2.6,2.2.7)',\ - org.ops4j.pax.logging.pax-logging-log4j2;version='[2.2.6,2.2.7)',\ + org.ops4j.pax.logging.pax-logging-api;version='[2.2.7,2.2.8)',\ + org.ops4j.pax.logging.pax-logging-log4j2;version='[2.2.7,2.2.8)',\ com.fasterxml.jackson.core.jackson-annotations;version='[2.16.0,2.16.1)',\ com.fasterxml.jackson.core.jackson-core;version='[2.16.0,2.16.1)',\ com.fasterxml.jackson.core.jackson-databind;version='[2.16.0,2.16.1)',\ @@ -133,14 +133,14 @@ feature.openhab-model-runtime-all: \ com.fasterxml.jackson.datatype.jackson-datatype-jsr310;version='[2.16.0,2.16.1)',\ com.fasterxml.woodstox.woodstox-core;version='[6.5.1,6.5.2)',\ com.google.gson;version='[2.10.1,2.10.2)',\ - com.google.guava;version='[33.0.0,33.0.1)',\ + com.google.guava;version='[33.1.0,33.1.1)',\ com.google.guava.failureaccess;version='[1.0.2,1.0.3)',\ com.google.inject;version='[7.0.0,7.0.1)',\ com.sun.jna;version='[5.14.0,5.14.1)',\ com.sun.xml.bind.jaxb-osgi;version='[2.3.8,2.3.9)',\ de.focus_shift.jollyday-core;version='[0.27.0,0.27.1)',\ de.focus_shift.jollyday-jackson;version='[0.27.0,0.27.1)',\ - io.github.classgraph.classgraph;version='[4.8.165,4.8.166)',\ + io.github.classgraph.classgraph;version='[4.8.168,4.8.169)',\ io.methvin.directory-watcher;version='[0.18.0,0.18.1)',\ io.swagger.core.v3.swagger-annotations;version='[2.2.15,2.2.16)',\ io.swagger.core.v3.swagger-core;version='[2.2.15,2.2.16)',\ @@ -185,26 +185,26 @@ feature.openhab-model-runtime-all: \ org.eclipse.equinox.common;version='[3.17.100,3.17.101)',\ org.eclipse.equinox.event;version='[1.6.200,1.6.201)',\ org.eclipse.equinox.metatype;version='[1.4.500,1.4.501)',\ - org.eclipse.jetty.alpn.client;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.client;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.http;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.http2.client;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.http2.common;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.http2.hpack;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.io;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.jaas;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.proxy;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.security;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.server;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.servlet;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.util;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.util.ajax;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.websocket.api;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.websocket.client;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.websocket.common;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.websocket.server;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.websocket.servlet;version='[9.4.53,9.4.54)',\ - org.eclipse.jetty.xml;version='[9.4.53,9.4.54)',\ + org.eclipse.jetty.alpn.client;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.client;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.http;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.http2.client;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.http2.common;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.http2.hpack;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.io;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.jaas;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.proxy;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.security;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.server;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.servlet;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.util;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.util.ajax;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.websocket.api;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.websocket.client;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.websocket.common;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.websocket.server;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.websocket.servlet;version='[9.4.54,9.4.55)',\ + org.eclipse.jetty.xml;version='[9.4.54,9.4.55)',\ org.eclipse.xtend.lib;version='[2.34.0,2.34.1)',\ org.eclipse.xtend.lib.macro;version='[2.34.0,2.34.1)',\ org.eclipse.xtext;version='[2.34.0,2.34.1)',\ @@ -215,7 +215,7 @@ feature.openhab-model-runtime-all: \ org.glassfish.hk2.external.aopalliance-repackaged;version='[2.4.0,2.4.1)',\ org.glassfish.hk2.external.javax.inject;version='[2.4.0,2.4.1)',\ org.glassfish.hk2.osgi-resource-locator;version='[1.0.3,1.0.4)',\ - org.objectweb.asm;version='[9.6.0,9.6.1)',\ + org.objectweb.asm;version='[9.7.0,9.7.1)',\ org.objectweb.asm.commons;version='[9.6.0,9.6.1)',\ org.objectweb.asm.tree;version='[9.6.0,9.6.1)',\ org.objectweb.asm.tree.analysis;version='[9.6.0,9.6.1)',\ diff --git a/pom.xml b/pom.xml index 234e2a63b8..38407354aa 100644 --- a/pom.xml +++ b/pom.xml @@ -61,7 +61,7 @@ 4.2.0-SNAPSHOT 4.2.0-SNAPSHOT - 4.4.5 + 4.4.6 17 ${oh.java.version}