other(cve): Fix 2 Critical CVEs (#3399)

* other(cve): Fix 2 Critical CVEs * other(cve): Fix CVE-2024-31573
camunda · Oct 1, 2024 · 2467e02 · 2467e02
1 parent fddd375
commit 2467e02
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/bundle/camunda-saas-bundle/pom.xml b/bundle/camunda-saas-bundle/pom.xml
@@ -28,6 +28,13 @@
       <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
     </dependency>
 
+    <!-- Fix CVE-2024-7254 -->
+    <dependency>
+      <groupId>com.google.protobuf</groupId>
+      <artifactId>protobuf-java-util</artifactId>
+      <version>3.25.5</version>
+    </dependency>
+
     <dependency>
       <groupId>io.camunda.connector</groupId>
       <artifactId>connector-gcp-secret-provider</artifactId>

diff --git a/connectors-e2e-test/connectors-e2e-test-base/pom.xml b/connectors-e2e-test/connectors-e2e-test-base/pom.xml
@@ -14,6 +14,12 @@
     <packaging>jar</packaging>
 
     <dependencies>
+        <!-- Fix CVE-2024-31573 -->
+        <dependency>
+            <groupId>org.xmlunit</groupId>
+            <artifactId>xmlunit-core</artifactId>
+            <version>2.10.0</version>
+        </dependency>
         <dependency>
             <groupId>com.jayway.jsonpath</groupId>
             <artifactId>json-path</artifactId>

diff --git a/connectors/kafka/pom.xml b/connectors/kafka/pom.xml
@@ -35,6 +35,13 @@ except in compliance with the proprietary license.</license.inlineheader>
 
   <dependencies>
 
+    <!-- Fix CVE-2022-36944 -->
+    <dependency>
+      <groupId>org.scala-lang</groupId>
+      <artifactId>scala-library</artifactId>
+      <version>2.13.15</version>
+    </dependency>
+
     <dependency>
       <groupId>org.apache.kafka</groupId>
       <artifactId>kafka-clients</artifactId>