fixes #735 apache tomcat upgrade to patch vulnerabilities #202
Bumps commons-collections from 3.2.1 to 3.2.2. Signed-off-by: dependabot[bot] <support@github.com>
…he-tomcat-upgrade
…ble with future java versions (9 or above), the com.nickwongdev fork is the new de facto standard
…lt so it will continue to work even if -P default is passed in.
WORKDIR $CATALINA_HOME | ||
EXPOSE 8080 | ||
CMD ["catalina.sh", "run"] |
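Review bot: no USER instruction is visible between `WORKDIR $CATALINA_HOME` and `CMD ["catalina.sh", "run"]`, so Tomcat starts as whatever user the base image leaves active. If that is root, add a `USER` line for an unprivileged account before the `CMD` and make sure that account owns the deployed webapp directory.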
- Use newer mcneilco/tomcat-maven:1.3-openjdk8 build (minor tomcat bump to patch vulnerabilities and upgrade to centos8)
- Multi stage build to remove .m2 directory from final build.
- Consolidates the indigo and jchem Docker files
I see, we are only copying the .war and the expanded directory into Tomcat and nothing else.
<repository> | ||
<id>codehaus</id> | ||
<url>https://repository.codehaus.org/org/codehaus</url> | ||
<url>https://spring-roo-repository.springsource.org/release</url> |
Switch to more secure https
</pluginRepository> | ||
<pluginRepository> | ||
<id>spring-roo-repository</id> | ||
<name>Spring Roo Repository</name> | ||
<url>http://spring-roo-repository.springsource.org/release</url> | ||
<url>https://spring-roo-repository.springsource.org/release</url> |
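Review bot: on the `spring-roo-repository` `<url>`, the move to https covers this one pluginRepository, but a single remaining `http://` entry elsewhere in the pom still lets plugin or dependency downloads be altered in transit. Search the whole pom for `http://` inside `<repository>` and `<pluginRepository>` blocks before merging.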
more https
</pluginRepository> | ||
</pluginRepositories> | ||
<!-- Maven Build profile controls whether to use JChem or Indigo --> | ||
<profiles> | ||
<profile> | ||
<id>default</id> | ||
<id>jchem</id> |
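Review bot: renaming `<id>default</id>` to `<id>jchem</id>` leaves `-P default` pointing at a profile that no longer exists, so existing invocations depend on Maven treating an unknown profile as a warning. Build scripts and docs that pass `-P default` should be updated to `-P jchem` in this PR so the warning path is not the supported one.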
This is backwards compatible with -P default because it IS the default and so even if you provide a bad profile name like -P default
you just get a warning and then it uses this anyway.
@@ -312,7 +299,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.]]> | |||
<dependency> | |||
<groupId>commons-collections</groupId> | |||
<artifactId>commons-collections</artifactId> | |||
<version>3.2.1</version> | |||
<version>3.2.2</version> |
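Review bot: on the `<version>3.2.2</version>` line, the protection in 3.2.2 comes from the unsafe functor classes refusing to deserialize by default, and it can be switched back off with the system property `org.apache.commons.collections.enableUnsafeSerialization`. Check that no JAVA_OPTS or catalina configuration in the image sets that property, and that the built .war ships only the 3.2.2 jar in WEB-INF/lib.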
Accepted an automatic bump request from github bot.
@@ -640,9 +627,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.]]> | |||
</configuration> | |||
</plugin> | |||
<plugin> | |||
<groupId>org.codehaus.mojo</groupId> | |||
<groupId>com.nickwongdev</groupId> |
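Review bot: the `<groupId>` swap to `com.nickwongdev` puts a third-party fork's code into every build, and the hunk does not show the plugin's `<artifactId>` or `<version>`. Pin an exact `<version>` for the forked plugin (no ranges or LATEST) and add a pom comment naming the upstream plugin it replaces.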
org.codehaus.mojo isn't being maintained anymore and com.nickwongdev is now the de facto standard. This is more future proof and com.nickwongdev supports Java 9+ if we decide to go there, which org.codehaus.mojo does not.
</repository> | ||
<repository> | ||
<id>codehaus</id> | ||
<url>https://repository.codehaus.org/org/codehaus</url> |
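Review bot: dropping the `codehaus` `<repository>` is only safe if nothing resolves from it, and a developer machine with a warm ~/.m2 cache will hide a missing artifact. Confirm with a build against an empty local repository; the multi-stage Docker build qualifies if it starts without a cached .m2.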
These repos weren't being used anywhere in the code so I removed them. This speeds up the build pretty significantly too.
Oh gosh, wow. Out with the trash!
LGTM, nice cleanup