From f4f84d2b67f1e2722948df765564d645a3f218de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20H=C3=B8ydahl?= Date: Fri, 28 May 2021 14:17:36 +0200 Subject: [PATCH] SOLR-15439 Upgrade jose4j to v0.7.7 (#154) --- solr/CHANGES.txt | 2 ++ .../src/test/org/apache/solr/security/JWTAuthPluginTest.java | 2 +- solr/licenses/jose4j-0.6.5.jar.sha1 | 1 - solr/licenses/jose4j-0.7.7.jar.sha1 | 1 + versions.lock | 2 +- versions.props | 2 +- 6 files changed, 6 insertions(+), 4 deletions(-) delete mode 100644 solr/licenses/jose4j-0.6.5.jar.sha1 create mode 100644 solr/licenses/jose4j-0.7.7.jar.sha1 diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index d33b280ef412..ac810f2ee028 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -301,6 +301,8 @@ Other Changes * SOLR-15416: Remove metrics history collection (and MetricsHistoryHandler). (ab) +* SOLR-15439: Upgrade jose4j library used for JWT authentication processing, to v0.7.7 (janhoy) + Bug Fixes --------------------- * SOLR-14546: Fix for a relatively hard to hit issue in OverseerTaskProcessor that could lead to out of order execution diff --git a/solr/core/src/test/org/apache/solr/security/JWTAuthPluginTest.java b/solr/core/src/test/org/apache/solr/security/JWTAuthPluginTest.java index 2b1ce6064931..ca45080d3f61 100644 --- a/solr/core/src/test/org/apache/solr/security/JWTAuthPluginTest.java +++ b/solr/core/src/test/org/apache/solr/security/JWTAuthPluginTest.java @@ -320,7 +320,7 @@ public void algWhitelist() { plugin.init(testConfig); JWTAuthPlugin.JWTAuthenticationResponse resp = plugin.authenticate(testHeader); assertEquals(JWTAuthPlugin.JWTAuthenticationResponse.AuthCode.JWT_VALIDATION_EXCEPTION, resp.getAuthCode()); - assertTrue(resp.getErrorMessage().contains("not a whitelisted")); + assertTrue(resp.getErrorMessage().contains("not a permitted algorithm")); } @Test diff --git a/solr/licenses/jose4j-0.6.5.jar.sha1 b/solr/licenses/jose4j-0.6.5.jar.sha1 deleted file mode 100644 index b6fbefb36110..000000000000 --- a/solr/licenses/jose4j-0.6.5.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -524470e6ad000e3938f4c0f5e08bd423e95bd43a diff --git a/solr/licenses/jose4j-0.7.7.jar.sha1 b/solr/licenses/jose4j-0.7.7.jar.sha1 new file mode 100644 index 000000000000..c47ba06c7c38 --- /dev/null +++ b/solr/licenses/jose4j-0.7.7.jar.sha1 @@ -0,0 +1 @@ +cf1a02839a251731e92ba0134268fec3f79d4868 diff --git a/versions.lock b/versions.lock index 17ca56d596a0..098a8c9453bb 100644 --- a/versions.lock +++ b/versions.lock @@ -173,7 +173,7 @@ org.apache.xmlbeans:xmlbeans:3.1.0 (1 constraints: 0605fd35) org.apache.zookeeper:zookeeper:3.7.0 (1 constraints: 0c050f36) org.apache.zookeeper:zookeeper-jute:3.7.0 (1 constraints: 8a0d3a28) org.aspectj:aspectjrt:1.8.0 (1 constraints: 0b050836) -org.bitbucket.b_c:jose4j:0.6.5 (1 constraints: 0d050236) +org.bitbucket.b_c:jose4j:0.7.7 (1 constraints: 10050736) org.bouncycastle:bcmail-jdk15on:1.64 (1 constraints: df04ff30) org.bouncycastle:bcpkix-jdk15on:1.64 (1 constraints: df04ff30) org.bouncycastle:bcprov-jdk15on:1.64 (1 constraints: df04ff30) diff --git a/versions.props b/versions.props index aa429c0e0578..dc5d3b901be7 100644 --- a/versions.props +++ b/versions.props @@ -96,7 +96,7 @@ org.apache.xmlbeans:xmlbeans=3.1.0 org.apache.zookeeper:*=3.7.0 org.asciidoctor:asciidoctorj=1.6.2 org.aspectj:aspectjrt=1.8.0 -org.bitbucket.b_c:jose4j=0.6.5 +org.bitbucket.b_c:jose4j=0.7.7 org.bouncycastle:*=1.64 org.brotli:dec=0.1.2 org.carrot2:carrot2-core=4.0.4