fixes #735 apache tomcat upgrade to patch vulnerabilities #202
Conversation
Bumps commons-collections from 3.2.1 to 3.2.2. Signed-off-by: dependabot[bot] <support@github.com>
…he-tomcat-upgrade
…ble with future java versions (9 or above), the com.nickwondev fork is the new defacto standard
…lt so it will continue to work even if -P default is passed in.
| WORKDIR $CATALINA_HOME | ||
| EXPOSE 8080 | ||
| CMD ["catalina.sh", "run"] |
There was a problem hiding this comment.
- Use newer mcneilco/tomcat-maven:1.3-openjdk8 build (minor tomcat bump to patch vulnerabilities and upgrade to centos8)
- Multi stage build to remove .m2 directory from final build.
- Consolidates the indigo and jchem Docker files
There was a problem hiding this comment.
I see, we are only copying the .war and the expanded directory into Tomcat and nothing else.
| <repository> | ||
| <id>codehaus</id> | ||
| <url>https://repository.codehaus.org/org/codehaus</url> | ||
| <url>https://spring-roo-repository.springsource.org/release</url> |
There was a problem hiding this comment.
Switch to more secure https
| </pluginRepository> | ||
| <pluginRepository> | ||
| <id>spring-roo-repository</id> | ||
| <name>Spring Roo Repository</name> | ||
| <url>http://spring-roo-repository.springsource.org/release</url> | ||
| <url>https://spring-roo-repository.springsource.org/release</url> |
| </pluginRepository> | ||
| </pluginRepositories> | ||
| <!-- Maven Build profile controls whether to use JChem or Indigo --> | ||
| <profiles> | ||
| <profile> | ||
| <id>default</id> | ||
| <id>jchem</id> |
There was a problem hiding this comment.
This is backwards compatable with -P default because it IS the default and so even if you provide a bad profile name like -P default you just get a warning and then it uses this anyway.
| @@ -312,7 +299,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.]]> | |||
| <dependency> | |||
| <groupId>commons-collections</groupId> | |||
| <artifactId>commons-collections</artifactId> | |||
| <version>3.2.1</version> | |||
| <version>3.2.2</version> | |||
There was a problem hiding this comment.
Accepted an automatic bump request from github bot.
| @@ -640,9 +627,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.]]> | |||
| </configuration> | |||
| </plugin> | |||
| <plugin> | |||
| <groupId>org.codehaus.mojo</groupId> | |||
| <groupId>com.nickwongdev</groupId> | |||
There was a problem hiding this comment.
org.codehaus.mojo isn't being maintained anymore and com.nickwongdev is now the defacto standard. This is more future proof and com.nickwongdev supports java 9+ if we decide to go there which org.codehaus.mojo does not.
| </repository> | ||
| <repository> | ||
| <id>codehaus</id> | ||
| <url>https://repository.codehaus.org/org/codehaus</url> |
There was a problem hiding this comment.
This repose weren't being used anywhere in the code so I removed them. This speeds up the build pretty significantly too.
There was a problem hiding this comment.
Oh gosh, wow. Out with the trash!
| </repository> | ||
| <repository> | ||
| <id>codehaus</id> | ||
| <url>https://repository.codehaus.org/org/codehaus</url> |
There was a problem hiding this comment.
Oh gosh, wow. Out with the trash!
| WORKDIR $CATALINA_HOME | ||
| EXPOSE 8080 | ||
| CMD ["catalina.sh", "run"] |
There was a problem hiding this comment.
I see, we are only copying the .war and the expanded directory into Tomcat and nothing else.
No description provided.