Upgrade camunda and graalvm for Ramsons (R1 2025)
Description
CSP Request Details
None
CSP Rejection Details
None
Potential Workaround
None
Done
Development Team
Aggies
RCA Group
Related dependency upgrade
Created October 31, 2024 at 4:13 PM
Updated January 7, 2025 at 8:45 PM
Resolved January 7, 2025 at 8:45 PM
Upgrade the Camunda and GraalVM dependencies to production-ready versions without known security vulnerabilities.
Upgrading them will fix security vulnerabilities in these indirect dependencies:
https://security.snyk.io/package/maven/com.fasterxml.jackson.core:jackson-databind
https://security.snyk.io/package/maven/org.bouncycastle:bcprov-jdk18on
https://security.snyk.io/package/maven/ch.qos.logback:logback-classic
https://security.snyk.io/package/maven/ch.qos.logback:logback-core
https://security.snyk.io/package/maven/org.springframework:spring-web
See also the GraalVM migration notes, which mention the requirement to add <type>pom</type> to the org.graalvm.polyglot:js dependency in the pom.xml.
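A check for the pom.xml requirement noted above, as an added example that is not part of the original ticket or the project's code: it parses a pom and reports every org.graalvm.polyglot:js dependency entry that lacks <type>pom</type>. The sample pom, the function names and the choice to also flag entries under dependencyManagement are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample pom.xml (not the project's real pom); the version is a placeholder property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement><dependencies>
    <dependency>
      <groupId>org.graalvm.polyglot</groupId>
      <artifactId>js</artifactId>
      <version>${graalvm.version}</version>
    </dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.graalvm.polyglot</groupId>
      <artifactId>js</artifactId>
      <version>${graalvm.version}</version>
      <type>pom</type>
    </dependency>
  </dependencies>
</project>"""

def local(tag):
    """Strip the XML namespace so namespaced and plain poms both work."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name, default=""):
    """Text of the first direct child called `name`, or `default` if absent."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return default

def missing_pom_type(pom_xml, group="org.graalvm.polyglot", artifact="js"):
    """Return the enclosing section of each matching <dependency> whose type is not 'pom'."""
    root = ET.fromstring(pom_xml)
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for dep in root.iter():
        if local(dep.tag) != "dependency":
            continue
        if child_text(dep, "groupId") != group or child_text(dep, "artifactId") != artifact:
            continue
        # Maven treats an absent <type> as "jar", so a missing element is a finding.
        if child_text(dep, "type", "jar") != "pom":
            findings.append(local(parents[parents[dep]].tag))
    return findings
```

Run over the constructed sample, the function returns the dependencyManagement entry as the one still missing the type element.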