diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index e7968d80d6..5c6ff5bc63 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -31,7 +31,7 @@ env: jobs: build: - name: Build and Test (JDK ${{ matrix.java }})${{ matrix.profile == '-Pjakartaee11' && ' with Jakarta EE 11' || matrix.profile }} + name: Build and Test (JDK ${{ matrix.java }})${{ matrix.profile == '-Pjakartaee11' && ' (Jakarta EE 11)' || matrix.profile }} runs-on: ubuntu-latest strategy: matrix: diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index b1820f7a26..2867ee62bb 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -26,6 +26,7 @@ permissions: read-all env: MAVEN_OPTS: -Xmx2048m -Xms1024m LANG: en_US.utf8 + HAVE_SONARCLOUD_TOKEN: ${{ secrets.SONARCLOUD_TOKEN != '' }} jobs: sonarcloud: @@ -41,7 +42,14 @@ jobs: distribution: temurin java-version: 21 cache: 'maven' - - env: + - name: SonarCloud Scan + if: ${{ env.HAVE_SONARCLOUD_TOKEN == 'true' }} + env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} run: ./mvnw -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage -DskipAssembly + - name: SonarCloud Scan -- SKIPPED + if: ${{ env.HAVE_SONARCLOUD_TOKEN != 'true' }} + run: | + echo "### SonarCloud not configured" >> $GITHUB_STEP_SUMMARY + echo "secrets.SONARCLOUD_TOKEN not existing, cannot push coverage checks" >> $GITHUB_STEP_SUMMARY diff --git a/plugins/jasperreports/pom.xml b/plugins/jasperreports/pom.xml index addbe1aaef..7437832142 100644 --- a/plugins/jasperreports/pom.xml +++ b/plugins/jasperreports/pom.xml @@ -35,7 +35,7 @@ net.sf.jasperreports jasperreports - 6.21.3 + 6.21.5 provided diff --git a/plugins/jasperreports7/pom.xml b/plugins/jasperreports7/pom.xml index dd549ae3e5..587b1b03de 100644 --- a/plugins/jasperreports7/pom.xml +++ b/plugins/jasperreports7/pom.xml @@ -33,7 +33,7 @@ UTF-8 - 7.0.4 + 7.0.6 
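Review bot: In the second sonar.yml hunk the new `SonarCloud Scan -- SKIPPED` step exits 0, so the job stays green whenever `secrets.SONARCLOUD_TOKEN` is empty. That covers a fork, where the secret is withheld, but also the main repository if the secret is removed or renamed there. If this job is a required check (not visible here), a change can merge with no analysis; consider raising an annotation alongside the summary, e.g. `echo "::warning title=SonarCloud skipped::SONARCLOUD_TOKEN is not set, no analysis was run"`, and failing the step when the run does not come from a fork. The redirect targets should also be quoted: `>> "$GITHUB_STEP_SUMMARY"`. The `HAVE_SONARCLOUD_TOKEN` variable added in the first sonar.yml hunk carries only a boolean, never the secret, so the `if:` conditions themselves are fine.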
diff --git a/plugins/spring/README.md b/plugins/spring/README.md index fbaf2781e3..0c33b004cc 100644 --- a/plugins/spring/README.md +++ b/plugins/spring/README.md @@ -4,3 +4,11 @@ You will find more details in [documentation](https://struts.apache.org/plugins/ ## Installation Just drop this plugin JAR into `WEB-INF/lib` folder or add it as a Maven dependency. + + +## Struts & Spring Compatibility Matrix + +| Struts Plugin Version | Compatible Spring Version | Spring OSS End of Life (EOL) | +|:----------------------|:---------------------------|:-----------------------------| +| **7.1.1** | 6.2.x | 2026-06 | +| **7.1.1** | 7.0.7 (Jakarta EE 11 only) | 2027-06 | diff --git a/pom.xml b/pom.xml index f5bc6d1de5..1063b254b5 100644 --- a/pom.xml +++ b/pom.xml @@ -125,7 +125,7 @@ 5.23.0 3.4.11 2.0.17 - 6.2.12 + 7.0.7 2.0 3.1 6.0.4.Final @@ -157,8 +157,7 @@ jakartaee11 - 11.0.0-M5 - 7.0.5 + 11.0.0 diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml index b0d5ebc951..3f608cdc22 100644 --- a/src/etc/project-suppression.xml +++ b/src/etc/project-suppression.xml 
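Review bot: Spring 7 appears to become the default for every build rather than only for the `jakartaee11` profile. The first pom.xml hunk replaces `6.2.12` with `7.0.7` among the default properties, and the second drops the `7.0.5` override from the profile; the property names are stripped on this page, so this is inferred from the values. That disagrees with the compatibility matrix added to plugins/spring/README.md in the same diff, which lists `6.2.x` as the compatible line and `7.0.7 (Jakarta EE 11 only)`. If the matrix is right, keep the default on 6.2.x and raise only the profile override to `7.0.7`; if the default is meant to change, the README rows need to say so, because users would otherwise pick a Spring line based on a table the build no longer matches.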
@@ -18,168 +18,43 @@ under the License. --> - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ + + + ^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$ + CVE-2025-10492 + + + + CVE-2023-49735 cpe:/a:apache:struts - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2011-5057 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2012-0391 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2012-0392 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2012-0393 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2012-0394 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2012-0838 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2013-1965 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2013-1966 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2013-2115 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2013-2134 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2013-2135 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2014-0094 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2014-0113 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2015-5169 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2016-0785 - - - - ^pkg:maven/org\.apache\.struts/struts\-core@.*$ - CVE-2016-4003 - - - - ^pkg:maven/org\.apache\.struts/struts\-annotations@.*$ - cpe:/a:apache:struts - - - - ^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$ - cpe:/a:apache:struts - - - - ^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$ - cpe:/a:apache:struts - - - - ^pkg:maven/dom4j/dom4j@.*$ - CVE-2018-1000632 - - - - ^pkg:maven/org\.beanshell/bsh@.*$ - CVE-2016-2510 - - - - ^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$ - cpe:/a:plexus-utils_project:plexus-utils - CVE-2022-4244 - CVE-2022-4245 - CVE-2017-1000487 - - - - ^pkg:maven/org\.codehaus\.plexus\/plexus\-container\-default@.*$ - cpe:/a:plexus-utils_project:plexus-utils - 
CVE-2022-4244 - CVE-2022-4245 - - - - - ^pkg:maven/com\.google\.guava/guava@.*$ - CVE-2018-10237 - - - - ^pkg:maven/org\.yaml/snakeyaml@.*$ - CVE-2017-18640 - - - + ^pkg:javascript/jquery@.*$ CVE-2020-11022 - - - - ^pkg:javascript/jquery@.*$ CVE-2020-11023 - - - - ^pkg:maven/org\.testng/testng@.*$ - CVE-2022-4065 - - - - ^pkg:maven/org\.springframework/spring\-.*@.*$ - CVE-2022-22965 - CVE-2022-22950 - CVE-2022-22968 - CVE-2022-22970 - - - - ^pkg:maven/org\.springframework/spring\-web@.*$ - CVE-2016-1000027 + CVE-2015-9251 + CVE-2019-11358 + jquery issue: 11974 + jquery issue: 162 + + + + + 253711c6d825de55a8360552573be950da180614 + CVE-2016-10735 + CVE-2018-14040 + CVE-2018-14041 + CVE-2018-14042 + CVE-2018-20676 + CVE-2018-20677 + CVE-2019-8331 + CVE-2024-6485 + Bootstrap before 4.0.0 is end-of-life and no longer maintained.
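Review bot: The new jasperreports and jquery suppressions match every version (`^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$`, `^pkg:javascript/jquery@.*$`), so CVE-2025-10492 and the four jQuery CVEs stay hidden from the scanner even after those artifacts change. The Bootstrap entry, by contrast, is pinned to one file by SHA-1. The same diff bumps jasperreports to 6.21.5 and 7.0.6: if those releases contain the fix the suppression is unnecessary, and if they do not, the finding should stay visible. Consider narrowing each regex to the affected version range and giving each `<suppress>` an expiry, e.g. `until="YYYY-MM-DD"` (placeholder date; the file looks like OWASP dependency-check format, which supports it), so it is re-evaluated rather than kept indefinitely. The XML tags are stripped on this page, so it cannot be checked here whether each entry has a `<notes>` justification; each should state why the finding does not apply.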