This is an automated email from the ASF dual-hosted git repository.
mbien pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git
The following commit(s) were added to refs/heads/master by this push:
new d146716 dependency updates, added bouncycastle, minor log level
update.
new 8e2890d Merge pull request #115 from mbien/dependency_updates
d146716 is described below
commit d1467165624a229b0f56e7edc934e05eb42d9530
Author: Michael Bien <[email protected]>
AuthorDate: Fri Apr 1 01:07:00 2022 +0200
dependency updates, added bouncycastle, minor log level update.
- notable dependency update: spring 5.3.18 with security fixes
- bouncy castle was added so that the popular Argon2 pw encoder can be used
available encoders: bcrypt, pbkdf2, scrypt, argon2
---
app/pom.xml | 23 ++++++++++++++--------
.../business/startup/DatabaseInstaller.java | 4 ++--
.../roller/weblogger/ui/core/RollerContext.java | 8 +++++---
3 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/app/pom.xml b/app/pom.xml
index 41aeb97..a70c49e 100644
--- a/app/pom.xml
+++ b/app/pom.xml
@@ -41,22 +41,23 @@ limitations under the License.
<angular.version>1.7.8</angular.version>
<ant.version>1.10.12</ant.version>
<asm.version>9.2</asm.version>
+ <bouncycastle.version>1.70</bouncycastle.version>
<commons-validator.version>1.7</commons-validator.version>
<commons-beanutils.version>1.9.4</commons-beanutils.version>
<commons-codec.version>1.15</commons-codec.version>
<eclipse-link.version>2.7.10</eclipse-link.version>
- <guice.version>5.0.1</guice.version>
- <log4j2.version>2.17.1</log4j2.version>
- <lucene.version>9.0.0</lucene.version>
+ <guice.version>5.1.0</guice.version>
+ <log4j2.version>2.17.2</log4j2.version>
+ <lucene.version>9.1.0</lucene.version>
<oauth-core.version>20100527</oauth-core.version>
<maven-war.version>3.2.3</maven-war.version>
<maven-surefire.version>2.22.2</maven-surefire.version>
<maven-antrun.version>1.0b3</maven-antrun.version>
- <rome.version>1.17.0</rome.version>
- <slf4j.version>1.7.32</slf4j.version>
- <spring.version>5.3.14</spring.version>
- <spring.security.version>5.6.1</spring.security.version>
- <struts.version>2.5.28.2</struts.version>
+ <rome.version>1.18.0</rome.version>
+ <slf4j.version>1.7.36</slf4j.version>
+ <spring.version>5.3.18</spring.version>
+ <spring.security.version>5.6.2</spring.security.version>
+ <struts.version>2.5.29</struts.version>
<velocity.version>2.3</velocity.version>
<webjars.version>1.6</webjars.version>
<ws-commons-util.version>1.0.2</ws-commons-util.version>
@@ -535,6 +536,12 @@ limitations under the License.
<version>${oauth-core.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <version>${bouncycastle.version}</version>
+ </dependency>
+
<!-- Test deps -->
<dependency>
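Review bot: The added artifact is `bcpkix-jdk15on`, but the scrypt and Argon2 encoders this commit enables should only need Bouncy Castle's low-level crypto generators, which as far as I know ship in `bcprov-jdk15on`. bcpkix reaches those classes only transitively and also brings in PKIX/CMS code that nothing in this diff uses. Declaring `<artifactId>bcprov-jdk15on</artifactId>` directly would keep the dependency surface smaller and state the real requirement; confirm this against the Spring Security version in use before switching. A comment above the block, e.g. `<!-- Bouncy Castle: needed by Spring Security's scrypt/argon2 password encoders -->`, would also record why the artifact is here.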
diff --git
a/app/src/main/java/org/apache/roller/weblogger/business/startup/DatabaseInstaller.java
b/app/src/main/java/org/apache/roller/weblogger/business/startup/DatabaseInstaller.java
index 7c80191..1917c24 100644
---
a/app/src/main/java/org/apache/roller/weblogger/business/startup/DatabaseInstaller.java
+++
b/app/src/main/java/org/apache/roller/weblogger/business/startup/DatabaseInstaller.java
@@ -204,8 +204,8 @@ public class DatabaseInstaller {
int myVersion = parseVersionString(version);
int dbversion = getDatabaseVersion();
- log.debug("Database version = "+dbversion);
- log.debug("Desired version = "+myVersion);
+ log.info("Database version = "+dbversion);
+ log.info("Desired version = "+myVersion);
Connection con = null;
try {
diff --git
a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
index 1f811ed..e0b965f 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/RollerContext.java
@@ -50,7 +50,9 @@ import org.apache.roller.weblogger.util.cache.CacheManager;
import org.apache.velocity.runtime.RuntimeSingleton;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
@@ -300,9 +302,9 @@ public class RollerContext extends ContextLoaderListener
// supported encoders
encoders.put("bcrypt", new BCryptPasswordEncoder());
encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
- // requires bouncy castle impl
-// encoders.put("scrypt", new SCryptPasswordEncoder());
-// encoders.put("argon2", new Argon2PasswordEncoder());
+ // provided by bouncy castle dependency
+ encoders.put("scrypt", new SCryptPasswordEncoder());
+ encoders.put("argon2", new Argon2PasswordEncoder());
// just for testing
encoders.put("noop",
org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
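Review bot: Both new entries use the no-argument constructors (`new SCryptPasswordEncoder()`, `new Argon2PasswordEncoder()`), so the memory, iteration and parallelism costs are whatever the bundled Spring Security release defaults to and can change silently on upgrade. Both classes also have constructors that take explicit cost parameters; passing values chosen for this deployment, or read from Roller's configuration, would make the hashing strength reviewable. At minimum add a comment such as `// scrypt/argon2 use Spring Security's default cost parameters; review before relying on them`. The `noop` entry on the context lines below stays in the same map: if this map is what the `DelegatingPasswordEncoder` imported in this file is built from, a stored value tagged `{noop}` would be compared as plaintext, so that entry may be worth gating to test builds. The enclosing method starts and ends outside the hunk.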