Change Overview
Several vulnerabilities were identified within existing dependencies of Atom Hopper which have been patched in newer versions. Along with the version changes, an upgrade from Spring 3 to Spring 4 is being pushed.
The following dependencies are being updated for this reason: jetty, http-commons-client, springframework
In addition, Joda Time is being kept up to date until a Java migration at a later date.
Also, I found some typos in comments/logging while onboarding that I didn't have the opportunity to address until now.
Code Changes
Dependency Updates
Dependency updates took place in the pom.xml and atomhopper/pom.xml files.
Test Updates
The Spring Framework migration from 3 to 4 deprecated the queryForInt method. To address this, the queryForObject method has been employed while passing Integer.class to replicate functionality. This also requires using an explicit matcher using eq for the first parameter. These changes can be found in the following locations:
cd adapter/src/test/java/org/atomhopper/postgres/adapter
view PostgresFeedSourceTest.java
cd adapters/jdbc/src/test/java/org/atomhopper/jdbc/adapter
view JdbcFeedSourceTest.java
Misc Updates
There are a number of minor string updates to correct typos. These are negligible in impact but should be evaluated for correctness in the following locations:
HibernateFeedRepository
Comment: caretories -> categories
Comment: aving -> having
SearchToSqlConverter
Comment: eventype -> eventtype
AtomHopperServerControl
Logging: occured -> occurred
Validate Updates
I validated state dependencies with mvn install as runtime dependencies will require a release to check. RIP.
Additional Info
Stories: https://jira.rax.io/browse/CF-2428 https://jira.rax.io/browse/CF-2429 https://jira.rax.io/browse/CF-2430
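The queryForInt to queryForObject change described under Test Updates, as an added example that is not code from this pull request or from Atom Hopper. FeedCounter, COUNT_SQL and the feed names are hypothetical, and it assumes Spring JDBC 4 and Mockito on the classpath and that the affected tests stub JdbcTemplate with Mockito. It goes one step beyond the description by showing the null-return difference between the two methods.

```java
import static org.mockito.Mockito.*;

import org.springframework.jdbc.core.JdbcTemplate;

// Hypothetical names throughout: FeedCounter, COUNT_SQL and the feed values
// are constructed for this example and are not taken from Atom Hopper.
public class QueryForObjectMigration {

    static final String COUNT_SQL = "SELECT COUNT(*) FROM entries WHERE feed = ?";

    static class FeedCounter {
        private final JdbcTemplate jdbc;

        FeedCounter(JdbcTemplate jdbc) { this.jdbc = jdbc; }

        int count(String feed) {
            // Spring 3 form: return jdbc.queryForInt(COUNT_SQL, feed);
            Integer n = jdbc.queryForObject(COUNT_SQL, Integer.class, feed);
            // queryForInt returned 0 for SQL NULL; queryForObject returns null,
            // so guard before unboxing.
            return n == null ? 0 : n;
        }
    }

    public static void main(String[] args) {
        JdbcTemplate jdbc = mock(JdbcTemplate.class);

        // Once one argument is a matcher, Mockito requires every argument to
        // be one, so the SQL string is wrapped in eq() instead of passed raw.
        when(jdbc.queryForObject(eq(COUNT_SQL), eq(Integer.class), eq("namespace/feed")))
                .thenReturn(3);

        FeedCounter counter = new FeedCounter(jdbc);
        if (counter.count("namespace/feed") != 3) {
            throw new AssertionError("stubbed call was not matched");
        }

        // An unstubbed queryForObject on the mock returns null, where a mocked
        // queryForInt returned 0; without the guard above this would be an NPE.
        if (counter.count("other/feed") != 0) {
            throw new AssertionError("null result was not handled");
        }

        verify(jdbc).queryForObject(eq(COUNT_SQL), eq(Integer.class), eq("other/feed"));
        System.out.println("ok");
    }
}
```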