Update Undertow to fix CVE-2020-10687

An important security vulnerabilities was discovered in all versions of Undertow before Undertow 2.2.0.Final. JHipster release v6.10.5 fixes this security vulnerabilities. https://www.jhipster.tech/2020/11/07/jhipster-release-6.10.5.html https://nvd.nist.gov/vuln/detail/CVE-2020-10687
jhipster · Nov 7, 2020 · 94ae28d · 94ae28d
1 parent 431d961
commit 94ae28d
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 11 deletions.
diff --git a/.yo-rc.json b/.yo-rc.json
@@ -1,6 +1,6 @@
 {
   "generator-jhipster": {
-    "jhipsterVersion": "6.10.4",
+    "jhipsterVersion": "6.10.5",
     "baseName": "JHipsterRegistry",
     "packageName": "io.github.jhipster.registry",
     "packageFolder": "io/github/jhipster/registry",

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -54,7 +54,7 @@
     "eslint-loader": "4.0.2",
     "file-loader": "6.0.0",
     "friendly-errors-webpack-plugin": "1.7.0",
-    "generator-jhipster": "6.10.4",
+    "generator-jhipster": "6.10.5",
     "html-loader": "1.1.0",
     "html-webpack-plugin": "4.3.0",
     "husky": "4.2.5",

diff --git a/pom.xml b/pom.xml
@@ -30,7 +30,7 @@
         <profile.tls />
 
         <!-- Dependency versions -->
-        <jhipster-dependencies.version>3.9.0</jhipster-dependencies.version>
+        <jhipster-dependencies.version>3.9.1</jhipster-dependencies.version>
         <!-- The spring-boot version should match the one managed by
         https://mvnrepository.com/artifact/io.github.jhipster/jhipster-dependencies/${jhipster-dependencies.version} -->
         <spring-boot.version>2.2.7.RELEASE</spring-boot.version>

diff --git a/sonar-project.properties b/sonar-project.properties
@@ -25,9 +25,9 @@ sonar.issue.ignore.multicriteria.UndocumentedApi.ruleKey=squid:UndocumentedApi
 # Rule https://sonarcloud.io/coding_rules?open=squid%3AS4502&rule_key=squid%3AS4502 is ignored, as for JWT tokens we are not subject to CSRF attack
 sonar.issue.ignore.multicriteria.S4502.resourceKey=src/main/java/**/*
 sonar.issue.ignore.multicriteria.S4502.ruleKey=squid:S4502
-# Rule https://sonarcloud.io/coding_rules?open=squid%3AS4684&rule_key=squid%3AS4684
+# Rule https://sonarcloud.io/coding_rules?open=java%3AS4684&rule_key=java%3AS4684
 sonar.issue.ignore.multicriteria.S4684.resourceKey=src/main/java/**/*
-sonar.issue.ignore.multicriteria.S4684.ruleKey=squid:S4684
+sonar.issue.ignore.multicriteria.S4684.ruleKey=java:S4684
 # Rule https://sonarcloud.io/coding_rules?open=Web%3ABoldAndItalicTagsCheck&rule_key=Web%3ABoldAndItalicTagsCheck is ignored. Even if we agree that using the "i" tag is an awful practice, this is what is recommended by http://fontawesome.io/examples/
 sonar.issue.ignore.multicriteria.BoldAndItalicTagsCheck.resourceKey=src/main/webapp/app/**/*.*
 sonar.issue.ignore.multicriteria.BoldAndItalicTagsCheck.ruleKey=Web:BoldAndItalicTagsCheck