Upgrade Karaf from 4.4.5 to 4.4.6

* Sync runtime dependencies with Karaf 4.4.6, most notably: * Jetty 9.4.54.v20240208, addresses CVE-2024-22201 * Pax Logging 2.2.7 * Pax Web 8.0.27 * ASM 9.7 Signed-off-by: Holger Friedrich <[email protected]>
openhab · May 20, 2024 · 7097365 · 7097365
1 parent 8017277
commit 7097365
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 30 deletions.
diff --git a/distributions/openhab/src/main/resources/bin/karaf b/distributions/openhab/src/main/resources/bin/karaf
@@ -306,8 +306,8 @@ run() {
                 ${KARAF_EXEC} "${JAVA}" ${JAVA_OPTS} \
                     --add-reads=java.xml=java.logging \
                     --add-exports=java.base/org.apache.karaf.specs.locator=java.xml,ALL-UNNAMED \
-                    --patch-module java.base="${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.locator-4.4.5.jar" \
-                    --patch-module java.xml="${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.java.xml-4.4.5.jar" \
+                    --patch-module java.base="${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.locator-4.4.6.jar" \
+                    --patch-module java.xml="${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.java.xml-4.4.6.jar" \
                     --add-opens java.base/java.security=ALL-UNNAMED \
                     --add-opens java.base/java.net=ALL-UNNAMED \
                     --add-opens java.base/java.lang=ALL-UNNAMED \

diff --git a/distributions/openhab/src/main/resources/bin/karaf.bat b/distributions/openhab/src/main/resources/bin/karaf.bat
@@ -414,8 +414,8 @@ if "%KARAF_PROFILER%" == "" goto :RUN
             "%JAVA%" %JAVA_OPTS% %OPTS% ^
                 --add-reads=java.xml=java.logging ^
                 --add-exports=java.base/org.apache.karaf.specs.locator=java.xml,ALL-UNNAMED ^
-                --patch-module java.base="%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.locator-4.4.5.jar" ^
-                --patch-module java.xml="%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.java.xml-4.4.5.jar" ^
+                --patch-module java.base="%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.locator-4.4.6.jar" ^
+                --patch-module java.xml="%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.java.xml-4.4.6.jar" ^
                 --add-opens java.base/java.security=ALL-UNNAMED ^
                 --add-opens java.base/java.net=ALL-UNNAMED ^
                 --add-opens java.base/java.lang=ALL-UNNAMED ^

diff --git a/launch/app/app.bndrun b/launch/app/app.bndrun
@@ -123,8 +123,8 @@ feature.openhab-model-runtime-all: \
 # done
 #
 -runbundles: \
-	org.ops4j.pax.logging.pax-logging-api;version='[2.2.6,2.2.7)',\
-	org.ops4j.pax.logging.pax-logging-log4j2;version='[2.2.6,2.2.7)',\
+	org.ops4j.pax.logging.pax-logging-api;version='[2.2.7,2.2.8)',\
+	org.ops4j.pax.logging.pax-logging-log4j2;version='[2.2.7,2.2.8)',\
 	com.fasterxml.jackson.core.jackson-annotations;version='[2.16.0,2.16.1)',\
 	com.fasterxml.jackson.core.jackson-core;version='[2.16.0,2.16.1)',\
 	com.fasterxml.jackson.core.jackson-databind;version='[2.16.0,2.16.1)',\
@@ -133,14 +133,14 @@ feature.openhab-model-runtime-all: \
 	com.fasterxml.jackson.datatype.jackson-datatype-jsr310;version='[2.16.0,2.16.1)',\
 	com.fasterxml.woodstox.woodstox-core;version='[6.5.1,6.5.2)',\
 	com.google.gson;version='[2.10.1,2.10.2)',\
-	com.google.guava;version='[33.0.0,33.0.1)',\
+	com.google.guava;version='[33.1.0,33.1.1)',\
 	com.google.guava.failureaccess;version='[1.0.2,1.0.3)',\
 	com.google.inject;version='[7.0.0,7.0.1)',\
 	com.sun.jna;version='[5.14.0,5.14.1)',\
 	com.sun.xml.bind.jaxb-osgi;version='[2.3.8,2.3.9)',\
 	de.focus_shift.jollyday-core;version='[0.27.0,0.27.1)',\
 	de.focus_shift.jollyday-jackson;version='[0.27.0,0.27.1)',\
-	io.github.classgraph.classgraph;version='[4.8.165,4.8.166)',\
+	io.github.classgraph.classgraph;version='[4.8.168,4.8.169)',\
 	io.methvin.directory-watcher;version='[0.18.0,0.18.1)',\
 	io.swagger.core.v3.swagger-annotations;version='[2.2.15,2.2.16)',\
 	io.swagger.core.v3.swagger-core;version='[2.2.15,2.2.16)',\
@@ -185,26 +185,26 @@ feature.openhab-model-runtime-all: \
 	org.eclipse.equinox.common;version='[3.17.100,3.17.101)',\
 	org.eclipse.equinox.event;version='[1.6.200,1.6.201)',\
 	org.eclipse.equinox.metatype;version='[1.4.500,1.4.501)',\
-	org.eclipse.jetty.alpn.client;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.client;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.http;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.http2.client;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.http2.common;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.http2.hpack;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.io;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.jaas;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.proxy;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.security;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.server;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.servlet;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.util;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.util.ajax;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.websocket.api;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.websocket.client;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.websocket.common;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.websocket.server;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.websocket.servlet;version='[9.4.53,9.4.54)',\
-	org.eclipse.jetty.xml;version='[9.4.53,9.4.54)',\
+	org.eclipse.jetty.alpn.client;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.client;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.http;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.http2.client;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.http2.common;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.http2.hpack;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.io;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.jaas;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.proxy;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.security;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.server;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.servlet;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.util;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.util.ajax;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.websocket.api;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.websocket.client;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.websocket.common;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.websocket.server;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.websocket.servlet;version='[9.4.54,9.4.55)',\
+	org.eclipse.jetty.xml;version='[9.4.54,9.4.55)',\
 	org.eclipse.xtend.lib;version='[2.34.0,2.34.1)',\
 	org.eclipse.xtend.lib.macro;version='[2.34.0,2.34.1)',\
 	org.eclipse.xtext;version='[2.34.0,2.34.1)',\
@@ -215,7 +215,7 @@ feature.openhab-model-runtime-all: \
 	org.glassfish.hk2.external.aopalliance-repackaged;version='[2.4.0,2.4.1)',\
 	org.glassfish.hk2.external.javax.inject;version='[2.4.0,2.4.1)',\
 	org.glassfish.hk2.osgi-resource-locator;version='[1.0.3,1.0.4)',\
-	org.objectweb.asm;version='[9.6.0,9.6.1)',\
+	org.objectweb.asm;version='[9.7.0,9.7.1)',\
 	org.objectweb.asm.commons;version='[9.6.0,9.6.1)',\
 	org.objectweb.asm.tree;version='[9.6.0,9.6.1)',\
 	org.objectweb.asm.tree.analysis;version='[9.6.0,9.6.1)',\

diff --git a/pom.xml b/pom.xml
@@ -61,7 +61,7 @@
     <ohc.version>4.2.0-SNAPSHOT</ohc.version>
     <oha.version>4.2.0-SNAPSHOT</oha.version>
 
-    <karaf.version>4.4.5</karaf.version>
+    <karaf.version>4.4.6</karaf.version>
 
     <oh.java.version>17</oh.java.version>
     <maven.compiler.release>${oh.java.version}</maven.compiler.release>