Release 5.5.1 (#649)

* fix: RemoteLicenseLink note (#643) Fixed issue where RemoteLicenseLink note was not being rendered ERM-2639 * build: hibernate patch deps (#646) Small bump to hibernate-core and hibernate-java8 to bring up to patch 28 and remove SQL injection vulnerability ERM-2642 * chore: Rmeove package status handling (#647) Removed status handling for packages in GoKBOAIAdaptor and PackageIngestService (They weren't doing anything anyway) ERM-2791 * ERM-2643 handlebars rhino (XML External Entity (XXE) Injection) (#648) * upgrade com.github.jknack:handlebars-helpers to version 4.3.1 * chore: Release 5.1.1 Bumped gradle.properties version number, updated changelog ERM-2640 --------- Co-authored-by: CalamityC <[email protected]>
folio-org · Mar 14, 2023 · 8d38995 · 8d38995
1 parent 8075286
commit 8d38995
Show file tree

Hide file tree

Showing 6 changed files with 252 additions and 264 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -1,3 +1,9 @@
+## 5.5.1 2023-03-14
+  * ERM-2791 Simplification of package status handling
+  * ERM-2643 handlebars rhino (XML External Entity (XXE) Injection)
+  * ERM-2642 Hibernate JPA Criteria SQL Injection (CVE-2020-25638)
+  * ERM-2639 Note not saved with license link
+
 ## 5.5.0 2023-02-20
   * ERM-2638 No name of linked agreement in license
   * ERM-2629 Add Description filter to Agreements dashboard widget

diff --git a/service/build.gradle b/service/build.gradle
@@ -1,7 +1,7 @@
-configurations.all {
+/* configurations.all {
   // Check for updates every build
   resolutionStrategy.cacheChangingModulesFor 0, 'seconds'
-}
+} */
 
 buildscript {
   repositories {
@@ -161,8 +161,8 @@ dependencies {
 
   /*** Application changes and requirements ***/
   compile "org.springframework.boot:spring-boot-starter-undertow" // Replaces spring-boot-starter-tomcat
-  compile "org.hibernate:hibernate-core:5.4.19.Final"             // Update to latest 5.4
-  compile "org.hibernate:hibernate-java8:5.4.19.Final"
+  compile "org.hibernate:hibernate-core:5.4.28.Final"             // Update to latest 5.4
+  compile "org.hibernate:hibernate-java8:5.4.28.Final"
   runtime "com.zaxxer:HikariCP:3.4.5"                             // Replaces Tomcat JDBC pool
   runtime "org.postgresql:postgresql:42.5.3"
 
@@ -179,7 +179,7 @@ dependencies {
   compile 'com.k_int.okapi:grails-okapi:5.0.1'
 
   compile 'uk.co.cacoethes:groovy-handlebars-engine:0.2'
-  compile 'com.github.jknack:handlebars-helpers:2.0.0'
+  compile 'com.github.jknack:handlebars-helpers:4.3.1'
   compile 'commons-fileupload:commons-fileupload:1.4'
 
   // Minio for file storage to S3

diff --git a/service/gradle.properties b/service/gradle.properties
@@ -11,7 +11,7 @@ gradleWrapperVersion=5.4
 
 # Application
 appName=mod-agreements
-appVersion=5.5.0
+appVersion=5.5.1
 dockerTagSuffix=
 dockerRepo=folioci