Updated Jetty version due to vulnerabilities & uses fasterxml Jackson.
Change-Id: If6eaf454e06ba8afb05bbb2c752f53f4de79853f
diff --git a/core/Changes b/core/Changes
index ccc96b2..ceb57ee 100644
--- a/core/Changes
+++ b/core/Changes
@@ -2,7 +2,9 @@
18/03/2019
- Added close index controller (margaretha)
11/04/2019
- - Fixed multiple Jackson implementations (margaretha)
+ - Fixed multiple Jackson implementations (margaretha)
+25/04/2019
+ - Updated Jetty version due to vulnerabilities (margaretha)
# version 0.61.6
06/02/2019
diff --git a/core/pom.xml b/core/pom.xml
index aadb9b8..4699ffe 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -10,7 +10,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<spring.version>5.1.2.RELEASE</spring.version>
<jersey.version>1.19.4</jersey.version>
- <jetty.version>9.4.12.v20180830</jetty.version>
+ <jetty.version>9.4.17.v20190418</jetty.version>
<hibernate.version>5.3.7.Final</hibernate.version>
</properties>
<build>
@@ -88,12 +88,6 @@
</execution>
</executions>
</plugin>
- <!-- <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId>
- <version>2.20.1</version> <configuration> <reuseForks>false</reuseForks>
- <forkCount>2</forkCount> <threadCount>10</threadCount> <argLine>-Xmx1024m
- -XX:MaxPermSize=256m</argLine> <excludes> <exclude>**/*APITest.java</exclude>
- </excludes> <includes> <include>de/ids_mannheim/korap/**/*.java</include>
- </includes> </configuration> </plugin> -->
</plugins>
</build>
<dependencies>
@@ -171,11 +165,12 @@
<artifactId>json-smart</artifactId>
<version>1.0.9</version>
</dependency>
- <!-- JSON support in Jersey -->
+
+ <!-- Jersey 1x originally uses codehaus -->
<dependency>
<groupId>com.fasterxml.jackson.jaxrs</groupId>
<artifactId>jackson-jaxrs-json-provider</artifactId>
- <version>[2.9.5,)</version>
+ <version>[2.9.8,)</version>
</dependency>
<!-- Flyway -->
@@ -295,11 +290,21 @@
</dependency>
<dependency>
+ <groupId>javax.annotation</groupId>
+ <artifactId>javax.annotation-api</artifactId>
+ <version>1.3.2</version>
+ </dependency>
+
+ <dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Krill</artifactId>
<version>[0.58.5,)</version>
<exclusions>
<exclusion>
+ <groupId>org.glassfish.jersey.containers</groupId>
+ <artifactId>jersey-container-grizzly2-http</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>org.xerial</groupId>
<artifactId>sqlite-jdbc</artifactId>
</exclusion>
diff --git a/core/src/main/java/de/ids_mannheim/korap/server/KustvaktBaseServer.java b/core/src/main/java/de/ids_mannheim/korap/server/KustvaktBaseServer.java
index 8de109b..2ec9040 100644
--- a/core/src/main/java/de/ids_mannheim/korap/server/KustvaktBaseServer.java
+++ b/core/src/main/java/de/ids_mannheim/korap/server/KustvaktBaseServer.java
@@ -39,7 +39,10 @@
protected static String rootPackages;
protected static KustvaktArgs kargs;
- public KustvaktBaseServer () {}
+ public KustvaktBaseServer () {
+ rootPackages = "de.ids_mannheim.korap.web; "
+ + "com.fasterxml.jackson.jaxrs.json;";
+ }
protected KustvaktArgs readAttributes (String[] args) {
KustvaktArgs kargs = new KustvaktArgs();
@@ -106,8 +109,6 @@
ServletHolder servletHolder = new ServletHolder(new SpringServlet());
servletHolder.setInitParameter(
"com.sun.jersey.config.property.packages", rootPackages);
- servletHolder.setInitParameter(
- "com.sun.jersey.api.json.POJOMappingFeature", "true");
servletHolder.setInitOrder(1);
contextHandler.addServlet(servletHolder, config.getBaseURL());