diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
index be4fea70..c04415a1 100644
--- a/.mvn/wrapper/maven-wrapper.properties
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -1 +1 @@
-distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
+distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.8/apache-maven-3.9.8-bin.zip
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d90b3373..7177b02b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
+## [v1.7.3-1] - 2024-08-05
+
+### Changed
+- [#220] Update base image to java:21.0.3-4
+- [#220] Update Sprint Boot Starter to 3.3.2
+- [#220] Update Spring to 6.1.11
+- [#220] Update CAS-Client to 4.0.4
+- [#220] Update Maven to 3.9.8
+- [#220] Update JAXB to 2.3.1
+- [#220] Update Snakeyaml to 2.2
+- [#220] Update Guava to 33.2.1-jre
+- [#220] Update slf4j to 2.0.13
+- [#220] Update Logback to 1.5.6
+- [#220] Update cloudogu/VersionName to 2.1.0
+- [#220] Update jakarta.servlet-api to 6.1.0
+- [#220] Update httpclient5 to 5.3.1
+- [#220] Update NodeJs dev-server to 22.5.1
+- [#220] Update Yarn to 1.22.22
+- [#220] Update Jacoco to 0.8.12
+
+### Fixed
+- [#220] use pinned version of jetbrains annotations 24.1.0
+- [#220] fix [Fasterxml DoS vulnerability](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)
+
## [v1.7.2-2] - 2024-07-01
### Changed
- Update base image to java:17.0.11-3 to use doguctl v0.12.0 (#92)
diff --git a/Dockerfile b/Dockerfile
index 4e5b2006..9020fe80 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM eclipse-temurin:17.0.11_9-jdk as builder
+FROM eclipse-temurin:21.0.4_7-jdk as builder
ENV SMEAGOL_DIR=/usr/src/smeagol
COPY mvnw pom.xml package.json yarn.lock .prettierrc ${SMEAGOL_DIR}/
@@ -16,9 +16,9 @@ RUN set -x \
-FROM registry.cloudogu.com/official/java:17.0.11-3
+FROM registry.cloudogu.com/official/java:21.0.3-4
LABEL NAME="official/smeagol" \
- VERSION="1.7.2-2" \
+ VERSION="1.7.3-1" \
maintainer="hello@cloudogu.com"
ENV SERVICE_TAGS=webapp \
diff --git a/Jenkinsfile b/Jenkinsfile
index 5cd4734e..de94eea9 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -22,7 +22,7 @@ parallel(
node() { // No specific label
timestamps {
- def mvnDockerName = '3.6-openjdk-17'
+ def mvnDockerName = '3.9.8-eclipse-temurin-21'
Maven mvn = new MavenInDocker(this, mvnDockerName)
stage('Checkout') {
diff --git a/docs/gui/release_notes_de.md b/docs/gui/release_notes_de.md
index e5dbf6d2..67bbe80b 100644
--- a/docs/gui/release_notes_de.md
+++ b/docs/gui/release_notes_de.md
@@ -4,12 +4,18 @@ Im Folgenden finden Sie die Release Notes für Smeagol.
Technische Details zu einem Release finden Sie im zugehörigen [Changelog](https://docs.cloudogu.com/de/docs/dogus/smeagol/CHANGELOG/).
+## Release 1.7.3-1
+
+**Das Release behebt einen ([DoS-Angriffsvektor](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)). Ein Update ist daher empfohlen.**
+
+Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
+
## Release 1.7.2-2
Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
## Release 1.7.2-1
-> Das Release behebt eine kritische Sicherheitslücke ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). Ein Update ist daher empfohlen.
+**Das Release behebt eine kritische Sicherheitslücke ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). Ein Update ist daher empfohlen.**
-Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
\ No newline at end of file
+Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.
diff --git a/docs/gui/release_notes_en.md b/docs/gui/release_notes_en.md
index bb5c43a2..408bb1db 100644
--- a/docs/gui/release_notes_en.md
+++ b/docs/gui/release_notes_en.md
@@ -4,12 +4,18 @@ Below you will find the release notes for Smeagol.
Technical details on a release can be found in the corresponding [Changelog](https://docs.cloudogu.com/en/docs/dogus/smeagol/CHANGELOG/).
+## Release 1.7.3-1
+
+** The release fixes a ([DoS attack vector](https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538)). An update is therefore recommended.**
+
+We have only made technical changes. You can find more details in the changelogs.
+
## Release 1.7.2-2
We have only made technical changes. You can find more details in the changelogs.
## Release 1.7.2-1
-> The release fixes a critical security vulnerability ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). An update is therefore recommended.
+**The release fixes a critical security vulnerability ([CVE-2022-31129](https://nvd.nist.gov/vuln/detail/CVE-2022-31129)). An update is therefore recommended.**
-We have only made technical changes. You can find more details in the changelogs.
\ No newline at end of file
+We have only made technical changes. You can find more details in the changelogs.
diff --git a/dogu.json b/dogu.json
index 2467207e..3a960e52 100644
--- a/dogu.json
+++ b/dogu.json
@@ -1,6 +1,6 @@
{
"Name": "official/smeagol",
- "Version": "1.7.2-2",
+ "Version": "1.7.3-1",
"DisplayName": "Smeagol",
"Description": "Store your technical documentation with in your git repositories",
"Category": "Development Apps",
diff --git a/package.json b/package.json
index e222cf12..e72e2560 100644
--- a/package.json
+++ b/package.json
@@ -1,17 +1,17 @@
{
"name": "smeagol",
- "version": "1.7.2-2",
+ "version": "1.7.3-1",
"private": true,
"dependencies": {
"ces-theme": "https://github.com/cloudogu/ces-theme.git#v0.7.2",
"classnames": "^2.2.5",
+ "dayjs": "^1.11.10",
"highlight.js": "^10.4.1",
"history": "^4.7.2",
"i18next": "^10.3.0",
"i18next-browser-languagedetector": "^2.1.0",
"i18next-fetch-backend": "^0.1.0",
"i18next-resource-store-loader": "^0.1.2",
- "dayjs": "^1.11.10",
"object-assign": "4.1.1",
"promise": "8.0.1",
"query-string": "^5.0.1",
diff --git a/pom.xml b/pom.xml
index 58aa2b8b..27bd56fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,13 +6,13 @@
org.springframework.boot
spring-boot-starter-parent
- 3.0.5
+ 3.3.2
com.cloudogu.wiki
smeagol
- 1.7.2-2
+ 1.7.3-1
smeagol
war
@@ -39,7 +39,7 @@
org.springframework
spring-web
- 6.0.7
+ 6.1.11
@@ -62,7 +62,7 @@
org.yaml
snakeyaml
- 2.0
+ 2.2
@@ -149,7 +149,7 @@
com.google.guava
guava
- 30.1-jre
+ 33.2.1-jre
@@ -157,20 +157,20 @@
org.slf4j
slf4j-api
- 2.0.5
+ 2.0.13
ch.qos.logback
logback-classic
- 1.4.6
+ 1.5.6
com.cloudogu.versionName
versionName
- 2.0.0
+ 2.1.0
junit
@@ -181,20 +181,20 @@
org.jetbrains
annotations
- RELEASE
+ 24.1.0
compile
jakarta.servlet
jakarta.servlet-api
- 6.0.0
+ 6.1.0
org.apache.httpcomponents.client5
httpclient5
- 5.2.1
+ 5.3.1
@@ -269,11 +269,11 @@
2.5.0
- 18.7.0
+ 22.5.1
YARN
- 1.22.19
+ 1.22.22
@@ -288,7 +288,7 @@
run-test
-
+
test
run
@@ -299,7 +299,7 @@
run-build
-
+
prepare-package
run
@@ -314,7 +314,7 @@
org.apache.maven.plugins
maven-compiler-plugin
- 3.8.0
+ 3.13.0
${java.version}
${java.version}
@@ -328,7 +328,7 @@
org.jacoco
jacoco-maven-plugin
- 0.8.8
+ 0.8.12
@@ -383,9 +383,16 @@
UTF-8
- 4.0.1
- 17
- 2.3.0
+ 4.0.4
+ 21
+ 2.3.1
5.1.16.202106041830-r
+
+
+ maven_central
+ Maven Central
+ https://repo.maven.apache.org/maven2/
+
+