diff --git a/archiva-jetty/pom.xml b/archiva-jetty/pom.xml
index 21b779780..86a8d2985 100644
--- a/archiva-jetty/pom.xml
+++ b/archiva-jetty/pom.xml
@@ -171,9 +171,6 @@
archiva.cassandra.configuration.file=%ARCHIVA_BASE%/conf/archiva-cassandra.properties
org.apache.jackrabbit.core.state.validatehierarchy=true
-
- -XX:MaxPermSize=128m
-
512
512
@@ -253,6 +250,8 @@
apache-archiva-${project.version}
+
+
diff --git a/archiva-modules/archiva-web/archiva-rss/pom.xml b/archiva-modules/archiva-web/archiva-rss/pom.xml
index 048f26926..95a1bb532 100644
--- a/archiva-modules/archiva-web/archiva-rss/pom.xml
+++ b/archiva-modules/archiva-web/archiva-rss/pom.xml
@@ -131,10 +131,7 @@
maven-surefire-plugin
false
-
- -Xms512m -Xmx1024m -server -XX:MaxPermSize=256m
+ -Xms512m -Xmx1024m -server
${project.build.directory}/appserver-base
${project.build.directory}/appserver-base
diff --git a/archiva-modules/archiva-web/archiva-web-common/pom.xml b/archiva-modules/archiva-web/archiva-web-common/pom.xml
index 15535cd8b..25206ac1c 100644
--- a/archiva-modules/archiva-web/archiva-web-common/pom.xml
+++ b/archiva-modules/archiva-web/archiva-web-common/pom.xml
@@ -564,10 +564,7 @@
maven-surefire-plugin
false
-
- -Xms1024m -Xmx2048m -server -XX:MaxPermSize=256m
+ -Xms1024m -Xmx2048m -server
${project.build.directory}/appserver-base
${project.build.directory}/appserver-base
diff --git a/archiva-modules/archiva-web/archiva-webapp/pom.xml b/archiva-modules/archiva-web/archiva-webapp/pom.xml
index 3d51bed4e..e2f38ad7d 100644
--- a/archiva-modules/archiva-web/archiva-webapp/pom.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/pom.xml
@@ -554,6 +554,7 @@
src/test/repositories/test-repo/**
src/main/resources/META-INF/services/*
src/main/resources/META-INF/cxf/*
+ src/main/resources/META-INF/owasp/cve-suppressions.xml
@@ -828,6 +829,24 @@
+
+
+ org.owasp
+ dependency-check-maven
+ 5.3.2
+
+ true
+ 8
+ ${project.basedir}/src/main/resources/META-INF/owasp/cve-suppressions.xml
+
+
+
+
+ check
+
+
+
+
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
new file mode 100644
index 000000000..420e6a55e
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
@@ -0,0 +1,67 @@
+
+
+
+
+ ^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$
+ cpe:/a:fasterxml:jackson-mapper-asl
+ cpe:/a:fasterxml:jackson
+ CVE-2017-15095
+ CVE-2017-7525
+ CVE-2017-17485
+ CVE-2018-5968
+ CVE-2018-14718
+ CVE-2018-7489
+ CVE-2018-1000873
+ CVE-2019-14540
+ CVE-2019-14893
+ CVE-2019-16335
+ CVE-2019-17267
+ CVE-2020-10672
+ CVE-2020-10673
+
+
+
+
+ ^pkg:maven/org\.apache\.jackrabbit/oak\-.*@.*$
+ cpe:/a:apache:jackrabbit
+
+
+
+
+ ^pkg:maven/io\.netty/netty\-transport@.*$
+ cpe:/a:netty:netty
+ CVE-2020-11612
+ CVE-2019-20445
+ CVE-2019-20444
+
+
+
+
+ ^.*oak-segment-tar.*$
+ cpe:/a:netty:netty
+ CVE-2020-11612
+ CVE-2019-20445
+ CVE-2019-20444
+
+
+
+ ^pkg:maven/io\.netty/netty\-.*@.*$
+ cpe:/a:netty:netty
+ CVE-2020-11612
+ CVE-2019-20445
+ CVE-2019-20444
+
+
+
diff --git a/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml b/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml
index 77beb3547..364ce76f5 100644
--- a/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml
+++ b/archiva-modules/metadata/metadata-store-provider/metadata-store-cassandra/pom.xml
@@ -31,7 +31,7 @@
${project.parent.parent.basedir}
- 3.11.2
+ 3.11.6
@@ -143,6 +143,7 @@
org.jboss.logging
jboss-logging
+
@@ -169,24 +170,57 @@
-
org.apache.cassandra
cassandra-thrift
- 3.11.2
+ ${cassandraVersion}
javax.servlet
servlet-api
+
+ org.apache.ant
+ ant
+
+
+ org.apache.thrift
+ libthrift
+ 0.13.0
+
+
+
+
+
+ io.netty
+ netty-all
+ ${netty.version}
+
org.jboss.logging
jboss-logging
+
+
+ org.hibernate
+ hibernate-validator
+ 4.3.2.Final
+
@@ -236,6 +270,7 @@
+
diff --git a/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/pom.xml b/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/pom.xml
index 26a94f3ab..22cd0c659 100644
--- a/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/pom.xml
+++ b/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/pom.xml
@@ -84,6 +84,32 @@
org.apache.jackrabbit
oak-segment-tar
+
+
+ io.netty
+ netty-transport
+
+
+ io.netty
+ netty-resolver
+
+
+ io.netty
+ netty-handler
+
+
+ io.netty
+ netty-common
+
+
+ io.netty
+ netty-codec
+
+
+ io.netty
+ netty-buffer
+
+
org.apache.jackrabbit
@@ -113,6 +139,34 @@
org.apache.jackrabbit
oak-core
+
+
+ io.netty
+ netty-transport
+
+
+ io.netty
+ netty-resolver
+
+
+ io.netty
+ netty-handler
+
+
+ io.netty
+ netty-common
+
+
+ io.netty
+ netty-codec
+
+
+ io.netty
+ netty-buffer
+
+
+
javax.inject
diff --git a/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java b/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java
index 8822ff07b..a8cb1a700 100644
--- a/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java
+++ b/archiva-modules/metadata/metadata-store-provider/oak-jcr/metadata-store-jcr/src/main/java/org/apache/archiva/metadata/repository/jcr/OakRepositoryFactory.java
@@ -44,8 +44,6 @@ import org.apache.jackrabbit.oak.plugins.index.lucene.hybrid.LocalIndexObserver;
import org.apache.jackrabbit.oak.plugins.index.lucene.hybrid.NRTIndexFactory;
import org.apache.jackrabbit.oak.plugins.index.lucene.property.PropertyIndexCleaner;
import org.apache.jackrabbit.oak.plugins.index.lucene.reader.DefaultIndexReaderFactory;
-import org.apache.jackrabbit.oak.plugins.index.lucene.score.ScorerProviderFactory;
-import org.apache.jackrabbit.oak.plugins.index.lucene.score.impl.ScorerProviderFactoryImpl;
import org.apache.jackrabbit.oak.plugins.index.lucene.util.IndexDefinitionBuilder;
import org.apache.jackrabbit.oak.plugins.index.search.ExtractedTextCache;
import org.apache.jackrabbit.oak.plugins.index.search.FulltextIndexConstants;
@@ -142,7 +140,6 @@ public class OakRepositoryFactory
private LuceneIndexProvider indexProvider;
- private ScorerProviderFactory scorerFactory = new ScorerProviderFactoryImpl( );
private IndexAugmentorFactory augmentorFactory = new IndexAugmentorFactory( );
private ActiveDeletedBlobCollectorFactory.ActiveDeletedBlobCollector activeDeletedBlobCollector = ActiveDeletedBlobCollectorFactory.NOOP;
@@ -396,7 +393,7 @@ public class OakRepositoryFactory
tracker = createTracker();
- indexProvider = new LuceneIndexProvider(tracker, scorerFactory, augmentorFactory);
+ indexProvider = new LuceneIndexProvider(tracker, augmentorFactory);
initialize();
registerObserver();
diff --git a/archiva-modules/pom.xml b/archiva-modules/pom.xml
index aa0e4889e..fb74868d2 100644
--- a/archiva-modules/pom.xml
+++ b/archiva-modules/pom.xml
@@ -217,8 +217,6 @@
-
-
diff --git a/pom.xml b/pom.xml
index 1188a71d5..1bd70fb38 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,8 @@
2.0
- 1.22.3
+ 1.30.0
+ 4.1.50.Final
@@ -502,6 +503,64 @@
org.apache.jackrabbit
oak-segment-tar
${jcr-oak.version}
+
+
+ io.netty
+ netty-transport
+
+
+ io.netty
+ netty-resolver
+
+
+ io.netty
+ netty-handler
+
+
+ io.netty
+ netty-common
+
+
+ io.netty
+ netty-codec
+
+
+ io.netty
+ netty-buffer
+
+
+
+
+
+ io.netty
+ netty-transport
+ ${netty.version}
+
+
+ io.netty
+ netty-resolver
+ ${netty.version}
+
+
+ io.netty
+ netty-handler
+ ${netty.version}
+
+
+ io.netty
+ netty-common
+ ${netty.version}
+
+
+ io.netty
+ netty-codec
+ ${netty.version}
+
+
+ io.netty
+ netty-buffer
+ ${netty.version}
org.apache.jackrabbit
@@ -1351,6 +1410,14 @@
+
+
+ com.google.guava
+ guava
+ 29.0-jre
+
+
+
org.xmlunit
xmlunit-core
@@ -1818,6 +1885,10 @@
+
+
+
+