Update dependencies to fix published security vulnerabilities
The Trivy security scanner finds vulnerabilities in the Java dependencies (pom.xml) and in the Docker image.
See the attached scan results (20240222_trivy_report.txt) for details.
User provide a good user story for this:
The Trivy security scanner finds vulnerabilities in the dependencies and in the Docker image;
see the attached scan results for details.
To mitigate the vulnerabilities, update the following dependencies in pom.xml:
- rdf4j 4.3.8 -> 4.3.9
- add an exclusion for org.eclipse.rdf4j:rdf4j-sail-solr in org.eclipse.rdf4j:rdf4j-storage
Furthermore, update the Dockerfile:
- docker base image registry.access.redhat.com/ubi8/openjdk-17:1.17-4 -> 1.18
In addition, the following should also be updated:
- quarkus
- cz.cvut.kbss.jopa
- mockserver
- surefire-plugin
- compiler-plugin
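The pom.xml change for the rdf4j items above, as an added example rather than a copy of the project's actual pom.xml: the rdf4j-storage aggregate bumped to 4.3.9 with rdf4j-sail-solr excluded so that the Solr sail and its transitive jars no longer end up on the classpath. The property name rdf4j.version and the assumption that the service does not use the Solr backend are illustrative, not taken from the project.

```xml
<!-- Added example, not the project's own pom.xml.
     rdf4j.version is an assumed property name; the exclusion assumes the
     Solr sail is unused by this service (verify before removing it). -->
<properties>
  <rdf4j.version>4.3.9</rdf4j.version>
</properties>

<dependencies>
  <dependency>
    <groupId>org.eclipse.rdf4j</groupId>
    <artifactId>rdf4j-storage</artifactId>
    <version>${rdf4j.version}</version>
    <!-- rdf4j-storage is published as a pom-type aggregate -->
    <type>pom</type>
    <exclusions>
      <!-- Drop the Solr backend so its transitive Solr/Lucene dependencies
           are not pulled in and scanned -->
      <exclusion>
        <groupId>org.eclipse.rdf4j</groupId>
        <artifactId>rdf4j-sail-solr</artifactId>
      </exclusion>
    </exclusions>
  </dependency>
</dependencies>
```

After the change, confirm the exclusion actually took effect with `mvn dependency:tree -Dincludes=org.eclipse.rdf4j:rdf4j-sail-solr` (it should report no matching artifact; if another dependency also brings rdf4j-sail-solr in transitively, it needs the same exclusion there), then re-run the Trivy scan against the project directory and the rebuilt image (`FROM registry.access.redhat.com/ubi8/openjdk-17:1.18`) to check that the findings from 20240222_trivy_report.txt are gone rather than just moved.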
Edited by Daniel A. Doeppner