Sicherheitslücke in H2 -> auf aktuelle Version aktualisiert

917d9564 · Jesper Zedlitz · 246e7d60 · 917d9564 · 917d9564
Commit 917d9564 authored 3 years ago by Jesper Zedlitz
--- a/pom.xml
+++ b/pom.xml
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+<?xml version="1.0" encoding="utf-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.6.2</version>
-        <relativePath/> <!-- lookup parent from repository -->
+    <version>2.6.6</version>
+    <relativePath />
+    <!-- lookup parent from repository -->
  </parent>
  <groupId>de.landsh.opendata</groupId>
  <artifactId>uploadform</artifactId>
@@ -44,9 +44,11 @@
      <artifactId>spring-security-test</artifactId>
      <scope>test</scope>
    </dependency>
+    <!-- https://mvnrepository.com/artifact/com.h2database/h2 -->
    <dependency>
      <groupId>com.h2database</groupId>
      <artifactId>h2</artifactId>
+      <version>2.1.212</version>
      <scope>runtime</scope>
    </dependency>
    <dependency>
@@ -83,9 +85,7 @@
      <artifactId>font-awesome</artifactId>
      <version>4.7.0</version>
    </dependency>
-
  </dependencies>
-
  <build>
    <plugins>
      <plugin>
@@ -100,7 +100,23 @@
          </excludes>
        </configuration>
      </plugin>
+      <plugin>
+        <groupId>org.owasp</groupId>
+        <artifactId>dependency-check-maven</artifactId>
+        <version>6.5.3</version>
+        <configuration>
+          <failBuildOnCVSS>8</failBuildOnCVSS>
+          <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
+          <failOnError>true</failOnError>
+        </configuration>
+        <executions>
+          <execution>
+            <goals>
+              <goal>check</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
    </plugins>
  </build>
-
 </project>
--- a/src/main/java/de/landsh/opendata/uploadform/model/Dataset.java
+++ b/src/main/java/de/landsh/opendata/uploadform/model/Dataset.java
@@ -16,6 +16,7 @@ public class Dataset {
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;

+    @Column(name="ds_year")
    int year;
    String organization;