From b1daf91bb99b00262e2c0842fbe8893ecee345d5 Mon Sep 17 00:00:00 2001
From: Valery Kharseko <vharseko@3a-systems.ru>
Date: Thu, 17 Oct 2024 21:14:14 +0300
Subject: [PATCH] CVE-2016-6814 Deserialization of Untrusted Data in Groovy
 CVE-2020-17521 Information Disclosure in Apache Groovy (#53)

---
 OpenICF-groovy-connector/pom.xml                       |  8 +-------
 .../connector-framework-server/pom.xml                 |  3 ++-
 .../connector-server-grizzly/pom.xml                   |  3 ++-
 OpenICF-java-framework/connector-server-jetty/pom.xml  |  1 -
 OpenICF-java-framework/pom.xml                         |  8 --------
 OpenICF-kerberos-connector/pom.xml                     | 10 ++--------
 OpenICF-ssh-connector/pom.xml                          | 10 ++--------
 pom.xml                                                |  5 +++++
 8 files changed, 14 insertions(+), 34 deletions(-)

diff --git a/OpenICF-groovy-connector/pom.xml b/OpenICF-groovy-connector/pom.xml
index f0e41062..48d4fce6 100644
--- a/OpenICF-groovy-connector/pom.xml
+++ b/OpenICF-groovy-connector/pom.xml
@@ -248,13 +248,7 @@
                         </goals>
                     </execution>
                 </executions>
-                <dependencies>
-                    <dependency>
-                        <groupId>org.codehaus.groovy</groupId>
-                        <artifactId>groovy-all</artifactId>
-                        <version>${groovy.version}</version>
-                    </dependency>
-                </dependencies>
+
             </plugin>
             <plugin>
                 <groupId>org.apache.felix</groupId>
diff --git a/OpenICF-java-framework/connector-framework-server/pom.xml b/OpenICF-java-framework/connector-framework-server/pom.xml
index deeddde3..5c3ff362 100644
--- a/OpenICF-java-framework/connector-framework-server/pom.xml
+++ b/OpenICF-java-framework/connector-framework-server/pom.xml
@@ -21,6 +21,8 @@
  with the fields enclosed by brackets [] replaced by
  your own identifying information:
  "Portions Copyrighted [year] [name of copyright owner]"
+
+  Portions Copyrighted 2018-2024 3A Systems, LLC
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <parent>
@@ -129,7 +131,6 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>${groovy.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/OpenICF-java-framework/connector-server-grizzly/pom.xml b/OpenICF-java-framework/connector-server-grizzly/pom.xml
index e43f352c..767b28c2 100644
--- a/OpenICF-java-framework/connector-server-grizzly/pom.xml
+++ b/OpenICF-java-framework/connector-server-grizzly/pom.xml
@@ -21,6 +21,8 @@
  with the fields enclosed by brackets [] replaced by
  your own identifying information:
  "Portions Copyrighted [year] [name of copyright owner]"
+
+  Portions Copyrighted 2018-2024 3A Systems, LLC
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <parent>
@@ -96,7 +98,6 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>${groovy.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/OpenICF-java-framework/connector-server-jetty/pom.xml b/OpenICF-java-framework/connector-server-jetty/pom.xml
index e8e42705..a4e2dfa1 100644
--- a/OpenICF-java-framework/connector-server-jetty/pom.xml
+++ b/OpenICF-java-framework/connector-server-jetty/pom.xml
@@ -83,7 +83,6 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>${groovy.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/OpenICF-java-framework/pom.xml b/OpenICF-java-framework/pom.xml
index 76c25671..ed4ccc8d 100644
--- a/OpenICF-java-framework/pom.xml
+++ b/OpenICF-java-framework/pom.xml
@@ -54,7 +54,6 @@
 
         <slf4j.version>1.7.36</slf4j.version>
         <logback.version>1.2.13</logback.version>
-        <groovy.version>2.4.21</groovy.version>
         <grizzly.version>2.3.35</grizzly.version>
         <protobuf-java.version>3.0.2</protobuf-java.version>
 
@@ -120,13 +119,6 @@
 
     <dependencyManagement>
         <dependencies>
-            <!-- Provided Dependencies -->
-            <dependency>
-                <groupId>org.codehaus.groovy</groupId>
-                <artifactId>groovy-all</artifactId>
-                <version>${groovy.version}</version>
-                <scope>provided</scope>
-            </dependency>
             <!-- Test Dependencies -->
             <dependency>
                 <groupId>org.openidentityplatform.openicf.framework</groupId>
diff --git a/OpenICF-kerberos-connector/pom.xml b/OpenICF-kerberos-connector/pom.xml
index f1e071e9..9ceea3a8 100644
--- a/OpenICF-kerberos-connector/pom.xml
+++ b/OpenICF-kerberos-connector/pom.xml
@@ -13,6 +13,7 @@
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2016 ForgeRock AS.
+* Portions Copyrighted 2018-2024 3A Systems, LLC
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
@@ -57,7 +58,6 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>2.4.7</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -88,13 +88,7 @@
                         </goals>
                     </execution>
                 </executions>
-                <dependencies>
-                    <dependency>
-                        <groupId>org.codehaus.groovy</groupId>
-                        <artifactId>groovy-all</artifactId>
-                        <version>${groovy.version}</version>
-                    </dependency>
-                </dependencies>
+
             </plugin>
             <plugin>
                 <groupId>org.apache.felix</groupId>
diff --git a/OpenICF-ssh-connector/pom.xml b/OpenICF-ssh-connector/pom.xml
index 363fa913..ecdf1e8d 100644
--- a/OpenICF-ssh-connector/pom.xml
+++ b/OpenICF-ssh-connector/pom.xml
@@ -23,6 +23,7 @@
   ~ your own identifying information:
   ~ "Portions Copyrighted [year] [name of copyright owner]"
   ~
+  ~ Portions Copyrighted 2018-2024 3A Systems, LLC
 -->
 
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
@@ -52,7 +53,6 @@
         <dependency>
             <groupId>org.codehaus.groovy</groupId>
             <artifactId>groovy-all</artifactId>
-            <version>2.4.7</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -110,13 +110,7 @@
                         </goals>
                     </execution>
                 </executions>
-                <dependencies>
-                    <dependency>
-                        <groupId>org.codehaus.groovy</groupId>
-                        <artifactId>groovy-all</artifactId>
-                        <version>${groovy.version}</version>
-                    </dependency>
-                </dependencies>
+
             </plugin>
             <plugin>
                 <groupId>org.apache.felix</groupId>
diff --git a/pom.xml b/pom.xml
index b943de0d..8eef3cc3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -227,6 +227,11 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+            <dependency>
+                <groupId>org.codehaus.groovy</groupId>
+                <artifactId>groovy-all</artifactId>
+                <version>2.4.21</version>
+            </dependency>
             <dependency>
                 <groupId>org.openidentityplatform.openicf.framework</groupId>
                 <artifactId>connector-framework</artifactId>