Author: jleroux Date: Tue Aug 23 07:35:32 2016 New Revision: 1757318 URL: http://svn.apache.org/viewvc?rev=1757318&view=rev Log: A 1st step for "Upgrade Tomcat to 8.5.3 (or 8.0.36)" - https://issues.apache.org/jira/browse/OFBIZ-7348
This is a security issue which was pending for too long. It only updates Tomcat to 8.0.36 because I got issues with 8.5.3 when just changing to 8.0.36 in build.gradle files worked. I also changed the version number in LICENSE, even if some libs are only downloaded by Gradle as dependencies of the main present in build.gradle, this is a WIP. I have investigated if we really need to have all the external jar libs in LICENSE even if we don't deliver them in 1st place, but are still used when building, see http://markmail.org/message/emnu6s5wu2yuyith Modified: ofbiz/trunk/LICENSE ofbiz/trunk/build.gradle ofbiz/trunk/specialpurpose/example/build.gradle Modified: ofbiz/trunk/LICENSE URL: http://svn.apache.org/viewvc/ofbiz/trunk/LICENSE?rev=1757318&r1=1757317&r2=1757318&view=diff ============================================================================== --- ofbiz/trunk/LICENSE (original) +++ ofbiz/trunk/LICENSE Tue Aug 23 07:35:32 2016 @@ -83,18 +83,18 @@ framework/base/lib/scripting/jansi-1.2.1 framework/base/lib/xmlrpc-client-3.1.2.jar framework/base/lib/xmlrpc-common-3.1.2.jar framework/base/lib/xmlrpc-server-3.1.2.jar -framework/catalina/lib/tomcat-8.0.33-catalina-ha.jar -framework/catalina/lib/tomcat-8.0.33-catalina-tribes.jar -framework/catalina/lib/tomcat-8.0.33-catalina.jar -framework/catalina/lib/tomcat-8.0.33-jasper.jar -framework/catalina/lib/tomcat-8.0.33-tomcat-api.jar -framework/catalina/lib/tomcat-8.0.33-tomcat-coyote.jar -framework/catalina/lib/tomcat-8.0.33-tomcat-jni.jar -framework/catalina/lib/tomcat-8.0.33-tomcat-util-scan.jar -framework/catalina/lib/tomcat-8.0.33-tomcat-util.jar -framework/catalina/lib/tomcat-extras-8.0.33-tomcat-juli.jar -framework/catalina/lib/tomcat-extras-8.0.33-tomcat-juli-adapters.jar -framework/catalina/lib/tomcat-embed-websocket-8.0.33.jar +framework/catalina/lib/tomcat-8.0.36-catalina-ha.jar +framework/catalina/lib/tomcat-8.0.36-catalina-tribes.jar +framework/catalina/lib/tomcat-8.0.36-catalina.jar +framework/catalina/lib/tomcat-8.0.36-jasper.jar +framework/catalina/lib/tomcat-8.0.36-tomcat-api.jar +framework/catalina/lib/tomcat-8.0.36-tomcat-coyote.jar +framework/catalina/lib/tomcat-8.0.36-tomcat-jni.jar +framework/catalina/lib/tomcat-8.0.36-tomcat-util-scan.jar +framework/catalina/lib/tomcat-8.0.36-tomcat-util.jar +framework/catalina/lib/tomcat-extras-8.0.36-tomcat-juli.jar +framework/catalina/lib/tomcat-extras-8.0.36-tomcat-juli-adapters.jar +framework/catalina/lib/tomcat-embed-websocket-8.0.36.jar framework/entity/lib/commons-dbcp2-2.1.jar framework/entity/lib/jdbc/derby-10.11.1.1.jar framework/geronimo/lib/geronimo-transaction-3.1.1.jar Modified: ofbiz/trunk/build.gradle URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.gradle?rev=1757318&r1=1757317&r2=1757318&view=diff ============================================================================== --- ofbiz/trunk/build.gradle (original) +++ ofbiz/trunk/build.gradle Tue Aug 23 07:35:32 2016 @@ -99,10 +99,10 @@ dependencies { compile 'org.apache.shiro:shiro-core:1.3.0' compile 'org.apache.tika:tika-core:1.12' compile 'org.apache.tika:tika-parsers:1.12' - compile 'org.apache.tomcat:tomcat-catalina-ha:8.0.33' - compile 'org.apache.tomcat:tomcat-catalina:8.0.33' - compile 'org.apache.tomcat:tomcat-jasper:8.0.33' - compile 'org.apache.tomcat:tomcat-tribes:8.0.33' + compile 'org.apache.tomcat:tomcat-catalina-ha:8.0.36' + compile 'org.apache.tomcat:tomcat-catalina:8.0.36' + compile 'org.apache.tomcat:tomcat-jasper:8.0.36' + compile 'org.apache.tomcat:tomcat-tribes:8.0.36' compile 'org.apache.xmlgraphics:fop:2.1' compile 'org.apache.xmlrpc:xmlrpc-client:3.1.2' compile 'org.apache.xmlrpc:xmlrpc-server:3.1.2' @@ -148,7 +148,7 @@ dependencies { runtime 'org.apache.logging.log4j:log4j-1.2-api:2.3' runtime 'org.apache.logging.log4j:log4j-nosql:2.3' runtime 'org.apache.servicemix.bundles:org.apache.servicemix.bundles.xpp3:1.1.4c_7' - runtime 'org.apache.tomcat.extras:tomcat-extras-juli-adapters:8.0.33' + runtime 'org.apache.tomcat.extras:tomcat-extras-juli-adapters:8.0.36' runtime 'org.apache.xalan:com.springsource.org.apache.xml.serializer:2.7.1' runtime 'ws-commons-java5:ws-commons-java5:1.0.1' Modified: ofbiz/trunk/specialpurpose/example/build.gradle URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/example/build.gradle?rev=1757318&r1=1757317&r2=1757318&view=diff ============================================================================== --- ofbiz/trunk/specialpurpose/example/build.gradle (original) +++ ofbiz/trunk/specialpurpose/example/build.gradle Tue Aug 23 07:35:32 2016 @@ -1,3 +1,3 @@ dependencies { - pluginLibsCompile 'org.apache.tomcat.embed:tomcat-embed-websocket:8.0.33' + pluginLibsCompile 'org.apache.tomcat.embed:tomcat-embed-websocket:8.0.36' } \ No newline at end of file
