diff --git a/CHANGELOG.md b/CHANGELOG.md index 511e6e1..2af2605 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,22 @@ # Change Log +### V2.1.3 + +- Fixed vulnerability CVE-2021-45105 +- Update to log4j version 2.17.0 + + +### V2.1.2 + +- Fixed vulnerability CVE-2021-45046 +- Update to log4j version 2.16.0 + + +### V2.1.1 + +- Fixed vulnerability CVE-2021-44228 +- Update to log4j version 2.15.0 + ### V2.1 - Release for APEX 2 diff --git a/README.md b/README.md index 6f7e806..07fefb2 100644 --- a/README.md +++ b/README.md @@ -45,8 +45,8 @@ mvn package ``` The compiled _jar_ file will be located in the **target** folder -+ java-apex-api-security--SNAPSHOT.jar -+ java-apex-api-security--SNAPSHOT-jar-with-dependencies.jar (this includes log4j libraries) ++ java-apex-api-security-.jar ++ java-apex-api-security--jar-with-dependencies.jar (this includes log4j libraries) Import this jar file into your java classpath to use the utility class @@ -64,7 +64,7 @@ mvn install com.api.util ApiSecurity - 2.0.0-SNAPSHOT + 2.1.3 ``` @@ -76,12 +76,12 @@ mvn install org.apache.logging.log4j log4j-api - 2.14.1 + 2.17.0 org.apache.logging.log4j log4j-core - 2.14.1 + 2.17.0 ``` @@ -125,7 +125,7 @@ gradle test jacocoTestReport ``` The compiled _jar_ file will be located in the **build/libs** folder -+ java-apex-api-security-2.0.0-SNAPSHOT.jar ++ java-apex-api-security-2.1.3.jar Import this jar into your java classpath to use the utility class @@ -140,7 +140,7 @@ repositories { mavenLocal() } dependencies { - compile group: 'com.api.util', name: 'ApiSecurity', version: '2.0.0-SNAPSHOT' + compile group: 'com.api.util', name: 'ApiSecurity', version: '2.1.3' } ``` diff --git a/build.gradle b/build.gradle index f6ba05e..f83da13 100644 --- a/build.gradle +++ b/build.gradle @@ -5,7 +5,8 @@ plugins { } -version '2.1.0' + +version '2.1.3' tasks.withType(JavaCompile) { options.encoding = "UTF-8" 
@@ -20,8 +21,8 @@ dependencies { //gradle 4.0 compile group: 'commons-lang', name: 'commons-lang', version: '2.4' - compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.14.1' - compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.14.1' + compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.0' + compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.17.0' compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.5.1' compile group: 'com.googlecode.json-simple', name: 'json-simple', version: '1.1.1' compile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.69' diff --git a/pom.xml b/pom.xml index 310c145..efb6135 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 com.api.util ApiSecurity - 2.1.0 + 2.1.3 @@ -80,12 +80,12 @@ org.apache.logging.log4j log4j-api - 2.14.1 + 2.17.0 org.apache.logging.log4j log4j-core - 2.14.1 + 2.17.0 commons-lang diff --git a/src/main/java/com/api/util/ApiSecurity/ApiSigning.java b/src/main/java/com/api/util/ApiSecurity/ApiSigning.java index 7598bb5..aee5631 100644 --- a/src/main/java/com/api/util/ApiSecurity/ApiSigning.java +++ b/src/main/java/com/api/util/ApiSecurity/ApiSigning.java @@ -12,6 +12,9 @@ import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder; import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.LogManager; +import org.bouncycastle.operator.InputDecryptorProvider; +import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo; + import org.bouncycastle.operator.InputDecryptorProvider; import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo; @@ -613,6 +616,7 @@ public static String getBaseString(String authPrefix String baseString = null; + try { authPrefix = authPrefix.toLowerCase();
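Review bot: The added imports in the first ApiSigning.java hunk (at -12,6) duplicate `org.bouncycastle.operator.InputDecryptorProvider` and `org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo`, which the unchanged context lines directly below already import. Java ignores a repeated single-type import, so this still compiles, but it will trip duplicate-import lint rules and adds unrelated noise to a commit whose purpose is a log4j security upgrade. Drop the two added `import` lines and the added blank line. The second hunk in this file (at -613,6) appears to add only a blank line inside `getBaseString` and could be dropped as well, so the patch stays limited to the dependency change and is easier to audit.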