Merge pull request #5 from dm-drogeriemarkt/feature/owasp

Feature/owasp
dm-drogeriemarkt · Nov 22, 2018 · 3ef012d · 3ef012d
2 parents 7d4fbe4 + b416ddd
commit 3ef012d
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ First, include the dm retrylib Spring Boot Starter dependency in your pom.xml:
         <dependency>
             <groupId>de.dm.retrylib</groupId>
             <artifactId>retrylib-spring-boot-starter</artifactId>
-            <version>0.9.1</version>
+            <version>1.0.1</version>
          </dependency>
     </dependencies>
 </project>

diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+    <!-- This is a false positive, therefore we exclude it -->
+    <suppress>
+        <notes><![CDATA[
+   file name: affinity-3.1.10.jar
+   ]]></notes>
+        <gav regex="true">^net\.openhft:affinity:.*$</gav>
+        <cve>CVE-2018-13752</cve>
+    </suppress>
+</suppressions>
diff --git a/pom.xml b/pom.xml
@@ -43,7 +43,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>1.3.6.RELEASE</version>
+        <version>1.5.17.RELEASE</version>
         <relativePath /> <!-- lookup parent from repository -->
     </parent>
 
@@ -75,8 +75,19 @@
         <dependency>
             <groupId>net.openhft</groupId>
             <artifactId>chronicle-map</artifactId>
-            <version>3.14.5</version>
+            <version>3.17.0</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.thoughtworks.xstream</groupId>
+                    <artifactId>xstream</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.ops4j.pax.url</groupId>
+                    <artifactId>pax-url-aether</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
@@ -217,7 +228,8 @@
                 <artifactId>dependency-check-maven</artifactId>
                 <version>3.3.2</version>
                 <configuration>
-                    <failBuildOnCVSS>11</failBuildOnCVSS>
+                    <failBuildOnCVSS>0</failBuildOnCVSS>
+                    <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
                 </configuration>
                 <executions>
                     <execution>