From 9d3685bc19fcb88640493cb41c69e79daee77d07 Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Wed, 11 Dec 2024 15:45:14 +0000 Subject: [PATCH 1/3] Updated version number --- demos/claim-bot/pom.xml | 6 +++--- demos/custom-help-bot/pom.xml | 6 +++--- demos/demo-bot/pom.xml | 6 +++--- demos/rooms-bot/pom.xml | 6 +++--- demos/todo-bot/pom.xml | 6 +++--- libs/chat-workflow-coverage/pom.xml | 14 +++++++------- libs/chat-workflow-testing/pom.xml | 4 ++-- libs/chat-workflow/pom.xml | 4 ++-- libs/entity-json/pom.xml | 2 +- .../pom.xml | 8 ++++---- libs/symphony/entities/pom.xml | 4 ++-- .../pom.xml | 6 +++--- pom.xml | 2 +- tools/poll-bot/pom.xml | 6 +++--- tools/reminder-bot/pom.xml | 8 ++++---- tools/rss-bot/pom.xml | 4 ++-- 16 files changed, 46 insertions(+), 46 deletions(-) diff --git a/demos/claim-bot/pom.xml b/demos/claim-bot/pom.xml index 35e3e1cf..be7b44ac 100644 --- a/demos/claim-bot/pom.xml +++ b/demos/claim-bot/pom.xml @@ -6,7 +6,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../.. @@ -23,12 +23,12 @@ org.finos.springbot symphony-bdk-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot teams-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.apache.commons diff --git a/demos/custom-help-bot/pom.xml b/demos/custom-help-bot/pom.xml index 31ffca7b..055ce7d2 100644 --- a/demos/custom-help-bot/pom.xml +++ b/demos/custom-help-bot/pom.xml @@ -7,7 +7,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../../pom.xml @@ -29,13 +29,13 @@ org.finos.springbot symphony-bdk-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT compile org.finos.springbot teams-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT compile diff --git a/demos/demo-bot/pom.xml b/demos/demo-bot/pom.xml index 9a6e1821..15559bed 100644 --- a/demos/demo-bot/pom.xml +++ b/demos/demo-bot/pom.xml 
@@ -7,7 +7,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../../pom.xml @@ -28,13 +28,13 @@ org.finos.springbot symphony-bdk-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT compile org.finos.springbot teams-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT compile diff --git a/demos/rooms-bot/pom.xml b/demos/rooms-bot/pom.xml index f0354468..467552e5 100644 --- a/demos/rooms-bot/pom.xml +++ b/demos/rooms-bot/pom.xml @@ -6,7 +6,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../../pom.xml @@ -23,12 +23,12 @@ org.finos.springbot symphony-bdk-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot teams-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT diff --git a/demos/todo-bot/pom.xml b/demos/todo-bot/pom.xml index eae2e281..e3d9001f 100644 --- a/demos/todo-bot/pom.xml +++ b/demos/todo-bot/pom.xml @@ -6,7 +6,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../.. @@ -23,12 +23,12 @@ org.finos.springbot symphony-bdk-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot teams-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.apache.commons diff --git a/libs/chat-workflow-coverage/pom.xml b/libs/chat-workflow-coverage/pom.xml index ce2661aa..e31294b3 100644 --- a/libs/chat-workflow-coverage/pom.xml +++ b/libs/chat-workflow-coverage/pom.xml @@ -10,7 +10,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../.. 
@@ -56,32 +56,32 @@ org.finos.springbot chat-workflow - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot chat-workflow-testing - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot symphony-bdk-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot teams-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot entity-json - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot entities - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT diff --git a/libs/chat-workflow-testing/pom.xml b/libs/chat-workflow-testing/pom.xml index 36041b77..f9aceb5d 100644 --- a/libs/chat-workflow-testing/pom.xml +++ b/libs/chat-workflow-testing/pom.xml @@ -9,7 +9,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../.. @@ -22,7 +22,7 @@ org.finos.springbot chat-workflow - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT diff --git a/libs/chat-workflow/pom.xml b/libs/chat-workflow/pom.xml index 6d602918..947b5e4c 100644 --- a/libs/chat-workflow/pom.xml +++ b/libs/chat-workflow/pom.xml @@ -11,7 +11,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../.. @@ -33,7 +33,7 @@ org.finos.springbot entity-json - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.springframework.boot diff --git a/libs/entity-json/pom.xml b/libs/entity-json/pom.xml index ea767eed..1c6c9790 100644 --- a/libs/entity-json/pom.xml +++ b/libs/entity-json/pom.xml @@ -10,7 +10,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../.. diff --git a/libs/symphony-bdk/symphony-bdk-chat-workflow-spring-boot-starter/pom.xml b/libs/symphony-bdk/symphony-bdk-chat-workflow-spring-boot-starter/pom.xml index 67c4b046..d212bdaf 100644 --- a/libs/symphony-bdk/symphony-bdk-chat-workflow-spring-boot-starter/pom.xml +++ b/libs/symphony-bdk/symphony-bdk-chat-workflow-spring-boot-starter/pom.xml @@ -9,7 +9,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../../.. 
@@ -22,12 +22,12 @@ org.finos.springbot chat-workflow - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot entities - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.symphony.bdk @@ -43,7 +43,7 @@ org.finos.springbot chat-workflow-testing - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT test diff --git a/libs/symphony/entities/pom.xml b/libs/symphony/entities/pom.xml index 44230f82..02a85a70 100644 --- a/libs/symphony/entities/pom.xml +++ b/libs/symphony/entities/pom.xml @@ -10,7 +10,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../../.. @@ -23,7 +23,7 @@ org.finos.springbot entity-json - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT diff --git a/libs/teams/teams-chat-workflow-spring-boot-starter/pom.xml b/libs/teams/teams-chat-workflow-spring-boot-starter/pom.xml index 3a99b164..c7fa7a6e 100644 --- a/libs/teams/teams-chat-workflow-spring-boot-starter/pom.xml +++ b/libs/teams/teams-chat-workflow-spring-boot-starter/pom.xml @@ -9,7 +9,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../../.. @@ -22,7 +22,7 @@ org.finos.springbot chat-workflow - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT @@ -153,7 +153,7 @@ org.finos.springbot chat-workflow-testing - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT test diff --git a/pom.xml b/pom.xml index b9047c2e..22c39d11 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT pom Spring Bot diff --git a/tools/poll-bot/pom.xml b/tools/poll-bot/pom.xml index 36c5b7f4..352386b3 100644 --- a/tools/poll-bot/pom.xml +++ b/tools/poll-bot/pom.xml @@ -6,7 +6,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../.. @@ -23,12 +23,12 @@ org.finos.springbot symphony-bdk-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot teams-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT diff --git a/tools/reminder-bot/pom.xml b/tools/reminder-bot/pom.xml index d7cd4f78..24060e9a 100644 
--- a/tools/reminder-bot/pom.xml +++ b/tools/reminder-bot/pom.xml @@ -6,7 +6,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../../pom.xml @@ -26,12 +26,12 @@ org.finos.springbot symphony-bdk-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.finos.springbot teams-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.apache.commons @@ -80,7 +80,7 @@ org.finos.springbot chat-workflow-testing - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT test diff --git a/tools/rss-bot/pom.xml b/tools/rss-bot/pom.xml index 907a433a..0ccd961b 100644 --- a/tools/rss-bot/pom.xml +++ b/tools/rss-bot/pom.xml @@ -6,7 +6,7 @@ org.finos.springbot spring-bot - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT ../.. @@ -23,7 +23,7 @@ org.finos.springbot symphony-bdk-chat-workflow-spring-boot-starter - 10.0.1-SNAPSHOT + 10.0.2-SNAPSHOT org.apache.commons From d768659ed5ed57ab4b2720f1b08e7b454ccddc8d Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Wed, 8 Jan 2025 10:40:31 +0000 Subject: [PATCH 2/3] Fixed date --- CHANGES.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index d41909fa..edd89444 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -258,8 +258,7 @@ Major release of chat workflow. Most interfaces for this changed. See migratio - Update to Java 17 - Migrate to Spring Boot 3 - -# November 13 2025 +# December 11 2024 - #408 Handle exceptions in Teams - #409 Return conversation IDs in Teams - #416 Single Method Invoke on Multiple Chat Button From eb47df4b79e2e4cd6435c15183030782d57fc45b Mon Sep 17 00:00:00 2001 From: Rob Moffat Date: Wed, 8 Jan 2025 10:55:12 +0000 Subject: [PATCH 3/3] Started working on CVS mitigations --- .github/workflows/allow-list.xml | 96 +++++++++++++++++++++++++++++++- pom.xml | 2 +- 2 files changed, 96 insertions(+), 2 deletions(-) diff --git a/.github/workflows/allow-list.xml b/.github/workflows/allow-list.xml index 51c25a2a..123a8f0a 100644 --- a/.github/workflows/allow-list.xml 
+++ b/.github/workflows/allow-list.xml @@ -57,23 +57,117 @@ These are added in the conversion from spring2 to spring3. CVE-2023-36052 + + + + + An issue was discovered in Bouncy Castle Java Cryptography APIs + before 1.78. An Ed25519 verification code infinite loop can occur via + a crafted signature and public key. + + We don't use that. + CVE-2024-30172 + + + + + CVE-2024-30171 + + + + + + CVE-2024-29857 + + + + + CVE-2024-34447 + + + + + CVE-2024-35255 + + + + + CVE-2023-1370 + + + + + CVE-2023-52428 + + + + + CVE-2010-0538 + + + + + CVE-2021-3869 + + + + + CVE-2022-0198 + + + + + CVE-2017-10355 + + + + + CVE-2020-10146 - CVE-2024-38820 + + + + + + CVE-2024-38820 + + + + + CVE-2024-38809 + + + + + CVE-2024-38816 + + + + + CVE-2023-7272 + + + + CVE-2024-45772 + + + + CVE-2024-7254 diff --git a/pom.xml b/pom.xml index 22c39d11..492c03d1 100644 --- a/pom.xml +++ b/pom.xml @@ -66,7 +66,7 @@ 3.4.0 32.1.0-jre 1.17.2 - 23.0.3 + 24.1.1 3.0.0
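Review bot: The suppressions added in the allow-list.xml hunk carry almost no justification: the only rationale visible is "We don't use that." for CVE-2024-30172, and the entries from CVE-2024-30171 through CVE-2024-7254 show a bare id with no note (the markup is stripped on this page, so notes or attributes may simply not be visible here). Each entry should name the affected artifact and say why the vulnerable path is not reachable, and it should be scoped to that artifact rather than matching the CVE id for every dependency in the build. If this is an OWASP dependency-check suppression file, as the layout suggests, an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) makes the scanner report the finding again after the interim period, which fits a commit described as the start of mitigation work. Some of these ids may instead be resolved by a dependency upgrade like the version property bump in the pom.xml hunk that follows, so a suppression is best kept only where no fixed version is available.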