From 5e876e28e6f7f74b4fe31010d6165f36ac85e398 Mon Sep 17 00:00:00 2001
From: jasperan <23caj23@gmail.com>
Date: Wed, 8 Jan 2025 23:14:15 +0100
Subject: [PATCH] fix: fixed high vulnerability CVEs

---
 .idea/springai-rag-db23ai.iml |  9 ++++++++
 pom.xml                       | 40 +++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 .idea/springai-rag-db23ai.iml

diff --git a/.idea/springai-rag-db23ai.iml b/.idea/springai-rag-db23ai.iml
new file mode 100644
index 0000000..d6ebd48
--- /dev/null
+++ b/.idea/springai-rag-db23ai.iml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index ffccb6c..bf87cba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,6 +21,46 @@
 	</properties>
 	<dependencyManagement>
 		<dependencies>
+			<!-- Update Logback to fix CVE-2023-6378 -->
+			<dependency>
+				<groupId>ch.qos.logback</groupId>
+				<artifactId>logback-classic</artifactId>
+				<version>1.4.14</version>
+			</dependency>
+			<dependency>
+				<groupId>ch.qos.logback</groupId>
+				<artifactId>logback-core</artifactId>
+				<version>1.4.14</version>
+			</dependency>
+
+			<!-- Update Jackson to fix CVE-2023-35116 -->
+			<dependency>
+				<groupId>com.fasterxml.jackson.core</groupId>
+				<artifactId>jackson-databind</artifactId>
+				<version>2.15.3</version>
+			</dependency>
+			<dependency>
+				<groupId>com.fasterxml.jackson.datatype</groupId>
+				<artifactId>jackson-datatype-jdk8</artifactId>
+				<version>2.15.3</version>
+			</dependency>
+			<dependency>
+				<groupId>com.fasterxml.jackson.datatype</groupId>
+				<artifactId>jackson-datatype-jsr310</artifactId>
+				<version>2.15.3</version>
+			</dependency>
+			<dependency>
+				<groupId>com.fasterxml.jackson.module</groupId>
+				<artifactId>jackson-module-parameter-names</artifactId>
+				<version>2.15.3</version>
+			</dependency>
+
+			<!-- Update Commons Compress to fix CVE-2024-25710, CVE-2024-26308, CVE-2023-42503 -->
+			<dependency>
+				<groupId>org.apache.commons</groupId>
+				<artifactId>commons-compress</artifactId>
+				<version>1.24.0</version>
+			</dependency>
 			<dependency>
 				<groupId>org.springframework.ai</groupId>
 				<artifactId>spring-ai-bom</artifactId>