From 87e594d416cc53f17d5bce65c7ec0c6df86afb08 Mon Sep 17 00:00:00 2001 From: Tadgh Date: Wed, 13 Oct 2021 16:17:43 -0400 Subject: [PATCH] Bump JENA to deal with CVE-2021-29349 (#3063) --- .../src/main/java/ca/uhn/fhir/parser/RDFParser.java | 5 ++++- pom.xml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/parser/RDFParser.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/parser/RDFParser.java index cad77bb1d02..b880225fd36 100644 --- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/parser/RDFParser.java +++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/parser/RDFParser.java @@ -27,6 +27,8 @@ import ca.uhn.fhir.rest.api.EncodingEnum; import ca.uhn.fhir.util.rdf.RDFUtil; import org.apache.commons.lang3.StringUtils; import org.apache.jena.datatypes.xsd.XSDDatatype; +import org.apache.jena.irix.IRIs; +import org.apache.jena.irix.SetupJenaIRI; import org.apache.jena.rdf.model.*; import org.apache.jena.riot.Lang; import org.apache.jena.riot.system.IRIResolver; @@ -175,7 +177,8 @@ public class RDFParser extends BaseParser { if (!resource.getIdElement().toUnqualified().hasIdPart()) { parentResource = rdfModel.getResource(null); } else { - String resourceUri = IRIResolver.resolve(resource.getIdElement().toUnqualified().toString(), uriBase).toString(); + + String resourceUri = IRIs.resolve(uriBase, resource.getIdElement().toUnqualified().toString()).toString(); parentResource = rdfModel.getResource(resourceUri); } // If the resource already exists and has statements, return that existing resource. diff --git a/pom.xml b/pom.xml index b930d619a9f..799c9f45656 100644 --- a/pom.xml +++ b/pom.xml @@ -791,7 +791,7 @@ 2.3.1 2.3.0.1 3.0.0 - 3.17.0 + 4.2.0 3.0.0 9.4.43.v20210629 3.0.2