From 8ac6dc5ccab70d2156bbc699f2949f58d070a1e9 Mon Sep 17 00:00:00 2001 From: PauloASilva Date: Thu, 4 Jul 2024 10:55:28 +0100 Subject: [PATCH 01/22] fix(docker): deprecated MAINTAINER instruction --- VMs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VMs/Dockerfile b/VMs/Dockerfile index a2faa9a6cd..bbc2c22761 100644 --- a/VMs/Dockerfile +++ b/VMs/Dockerfile @@ -1,6 +1,6 @@ # This dockerfile builds a container that pulls down and runs the latest version of BenchmarkJava FROM ubuntu:latest -MAINTAINER "Dave Wichers dave.wichers@owasp.org" +LABEL org.opencontainers.image.authors="Dave Wichers dave.wichers@owasp.org" RUN apt-get update RUN DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata From 63b11d625793134110c482f0a68f2b8368594b58 Mon Sep 17 00:00:00 2001 From: PauloASilva Date: Thu, 4 Jul 2024 10:56:35 +0100 Subject: [PATCH 02/22] fix(docker): legacy "ENV key value" format --- VMs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VMs/Dockerfile b/VMs/Dockerfile index bbc2c22761..4ee0191ec0 100644 --- a/VMs/Dockerfile +++ b/VMs/Dockerfile @@ -35,7 +35,7 @@ RUN useradd -d /home/bench -m -s /bin/bash bench RUN echo bench:bench | chpasswd RUN chown -R bench /owasp/ -ENV PATH /owasp/BenchmarkJava:$PATH +ENV PATH=/owasp/BenchmarkJava:$PATH # start up Benchmark once, for 60 seconds, then kill it, so the additional dependencies required to run it are downloaded/cached in the image as well. # exit 0 is required to return a 'success' code, otherwise the timeout returns a failure code, causing the Docker build to fail. From cbcb9ea4a4c6cb1c08f942f479f1b766e1f68361 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 11:03:39 +0000 Subject: [PATCH 03/22] Bump org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.4.0 Bumps [org.apache.maven.plugins:maven-resources-plugin](https://github.com/apache/maven-resources-plugin) from 3.3.1 to 3.4.0. - [Release notes](https://github.com/apache/maven-resources-plugin/releases) - [Commits](https://github.com/apache/maven-resources-plugin/compare/maven-resources-plugin-3.3.1...v3.4.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-resources-plugin dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a5d5d779ba..195a2a2c2b 100644 --- a/pom.xml +++ b/pom.xml @@ -1017,7 +1017,7 @@ org.apache.maven.plugins maven-resources-plugin - 3.3.1 + 3.4.0 From b50ec2afc07e177af47b4a419baa790475046825 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 11:03:44 +0000 Subject: [PATCH 04/22] Bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.1 to 3.8.0 Bumps [org.apache.maven.plugins:maven-assembly-plugin](https://github.com/apache/maven-assembly-plugin) from 3.7.1 to 3.8.0. - [Release notes](https://github.com/apache/maven-assembly-plugin/releases) - [Commits](https://github.com/apache/maven-assembly-plugin/compare/maven-assembly-plugin-3.7.1...v3.8.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-assembly-plugin dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a5d5d779ba..5f7e93778c 100644 --- a/pom.xml +++ b/pom.xml @@ -885,7 +885,7 @@ org.apache.maven.plugins maven-assembly-plugin - 3.7.1 + 3.8.0 org.apache.maven.plugins From e70b8dac68627de02c19b81be2a9c5898d05b546 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 11:05:36 +0000 Subject: [PATCH 05/22] Bump org.apache.maven.plugins:maven-war-plugin from 3.5.0 to 3.5.1 Bumps [org.apache.maven.plugins:maven-war-plugin](https://github.com/apache/maven-war-plugin) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/apache/maven-war-plugin/releases) - [Commits](https://github.com/apache/maven-war-plugin/compare/maven-war-plugin-3.5.0...maven-war-plugin-3.5.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-war-plugin dependency-version: 3.5.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a5d5d779ba..f1ba1f3efc 100644 --- a/pom.xml +++ b/pom.xml @@ -1044,7 +1044,7 @@ org.apache.maven.plugins maven-war-plugin - 3.5.0 + 3.5.1 ${maven.war.webxml} From ed937c02c11a9650e21ec553f8f6e49161c519c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 11:05:00 +0000 Subject: [PATCH 06/22] Bump org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.0 Bumps [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](https://github.com/apache/maven-release/compare/maven-release-3.2.0...maven-release-3.3.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a5d5d779ba..4e9f0b2804 100644 --- a/pom.xml +++ b/pom.xml @@ -904,7 +904,7 @@ org.apache.maven.plugins maven-release-plugin - 3.2.0 + 3.3.0 From 02fb88d499d4bd07eb7b59e9c873f51c94df2c09 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 11:05:55 +0000 Subject: [PATCH 07/22] Bump org.apache.maven.plugins:maven-release-plugin from 3.3.0 to 3.3.1 Bumps [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) from 3.3.0 to 3.3.1. - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](https://github.com/apache/maven-release/compare/maven-release-3.3.0...maven-release-3.3.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-version: 3.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8d35c162c2..89c044831c 100644 --- a/pom.xml +++ b/pom.xml @@ -904,7 +904,7 @@ org.apache.maven.plugins maven-release-plugin - 3.3.0 + 3.3.1 From 21e104cc53c031332cefacb19ab60e03facc2789 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 11:06:03 +0000 Subject: [PATCH 08/22] Bump org.apache.httpcomponents.core5:httpcore5 from 5.3.6 to 5.4 Bumps [org.apache.httpcomponents.core5:httpcore5](https://github.com/apache/httpcomponents-core) from 5.3.6 to 5.4. - [Changelog](https://github.com/apache/httpcomponents-core/blob/master/RELEASE_NOTES.txt) - [Commits](https://github.com/apache/httpcomponents-core/compare/rel/v5.3.6...rel/v5.4) --- updated-dependencies: - dependency-name: org.apache.httpcomponents.core5:httpcore5 dependency-version: '5.4' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8d35c162c2..bd4dbe7fbd 100644 --- a/pom.xml +++ b/pom.xml @@ -771,7 +771,7 @@ org.apache.httpcomponents.core5 httpcore5 - 5.3.6 + 5.4 From 0d0d1be86ab3e9dc3ce45262270d93d9ca8a9e4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 11:14:26 +0000 Subject: [PATCH 09/22] Bump actions/upload-artifact from 5 to 6 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a2635b225b..e235340075 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -46,7 +46,7 @@ jobs: uses: github/codeql-action/analyze@v4 - name: Upload Output - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: ${{ matrix.language }} SARIF path: ${{ runner.workspace }}/results/*.sarif From 5ed20d1b0324594846f5826cd382f1f7753b194c Mon Sep 17 00:00:00 2001 From: Dave Wichers Date: Mon, 15 Dec 2025 12:00:14 -0500 Subject: [PATCH 10/22] Upgrade Tomcat version. --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index df59b49ddb..8a73b1dab2 100644 --- a/pom.xml +++ b/pom.xml @@ -1255,7 +1255,7 @@ 5.3.39 9 - 9.0.109 + 9.0.113 https://archive.apache.org/dist/tomcat/tomcat-${tomcat.major.version}/v${version.tomcat}/bin/apache-tomcat-${version.tomcat}.zip From 45bab03e54ca236598365ae2adeb89e41c6b76b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Dec 2025 11:03:40 +0000 Subject: [PATCH 11/22] Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.6 Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.5.1 to 5.6. - [Changelog](https://github.com/apache/httpcomponents-client/blob/master/RELEASE_NOTES.txt) - [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.5.1...rel/v5.6) --- updated-dependencies: - dependency-name: org.apache.httpcomponents.client5:httpclient5 dependency-version: '5.6' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8a73b1dab2..ac34ba161e 100644 --- a/pom.xml +++ b/pom.xml @@ -765,7 +765,7 @@ org.apache.httpcomponents.client5 httpclient5 - 5.5.1 + 5.6 From 0fa407673ff66f06db77f6934b5ba79b7567cfa9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Jan 2026 11:05:16 +0000 Subject: [PATCH 12/22] Bump org.codehaus.cargo:cargo-maven3-plugin from 1.10.25 to 1.10.26 Bumps org.codehaus.cargo:cargo-maven3-plugin from 1.10.25 to 1.10.26. --- updated-dependencies: - dependency-name: org.codehaus.cargo:cargo-maven3-plugin dependency-version: 1.10.26 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ac34ba161e..2d82960bd9 100644 --- a/pom.xml +++ b/pom.xml @@ -1053,7 +1053,7 @@ org.codehaus.cargo cargo-maven3-plugin - 1.10.25 + 1.10.26 From dc9abba6346a440e38841bcb3c13dc0c13ac99af Mon Sep 17 00:00:00 2001 From: Sascha Knoop Date: Sun, 11 Jan 2026 16:05:04 +0100 Subject: [PATCH 13/22] fix wrong hostname --- .../java/org/owasp/benchmark/report/sonarqube/SonarReport.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/owasp/benchmark/report/sonarqube/SonarReport.java b/src/main/java/org/owasp/benchmark/report/sonarqube/SonarReport.java index 5498447d0f..c9fb1459f9 100644 --- a/src/main/java/org/owasp/benchmark/report/sonarqube/SonarReport.java +++ b/src/main/java/org/owasp/benchmark/report/sonarqube/SonarReport.java @@ -24,7 +24,7 @@ public class SonarReport { private static final String SONAR_USER = "admin"; private static final String SONAR_PASSWORD = "P4ssword!!!!"; private static final String SONAR_PROJECT = "benchmark"; - public static final String SONAR_HOST = "ubuntu-server"; + public static final String SONAR_HOST = "localhost"; public static final String SONAR_PORT = "9876"; private static final int PAGE_SIZE = 500; From 3b4bdf5dbcb695f80be2bc1bc93e0e414ab559de Mon Sep 17 00:00:00 2001 From: Sascha Knoop Date: Sun, 11 Jan 2026 16:09:23 +0100 Subject: [PATCH 14/22] fix-outdated-urls --- README.md | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 881f16f85a..f3cd9edf60 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,25 @@ # OWASP Benchmark for Java -The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security Testing (AST) tool, including SAST, DAST (like ZAP), and IAST tools. The intent is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable so it's a fair test for any kind of application vulnerability detection tool. -The Benchmark project also includes scorecard generators for numerous open source and commercial AST tools, and the set of supported tools is growing all the time. This scoring capability is implemented in the BenchmarkUtils project, which is at: https://github.com/OWASP/BenchmarkUtils. +The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection +tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security +Testing (AST) tool, including SAST, DAST (like ZAP), and IAST tools. The intent +is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable so it's a +fair test for any kind of application vulnerability detection tool. -The project documentation is all on the OWASP site at the OWASP Benchmark project pages. Please refer to that site for all the project details. +The Benchmark project also includes scorecard generators for numerous open source and commercial AST tools, and the set +of supported tools is growing all the time. This scoring capability is implemented in the BenchmarkUtils project, which +is at: https://github.com/OWASP-Benchmark/BenchmarkUtils. -The current latest release is v1.2. Note that all the releases that are available here: https://github.com/OWASP/BenchmarkJava/releases, are historical. The latest release is always available live by simply cloning or pulling the head of this repository (i.e., git pull). +The project documentation is all on the OWASP site at the OWASP +Benchmark project pages. Please refer to that site for all the project details. + +The current latest release is v1.2. Note that all the releases that are available +here: https://github.com/OWASP-Benchmark/BenchmarkJava/releases, are historical. The latest release is always available +live by +simply cloning or pulling the head of this repository (i.e., git pull). Running Benchmark Itself: + * runBenchmark.sh - run the Benchmark Web Application (accessible via local machine only) -* runRemoteAccessibleBenchmark.sh - like the above but allows port 8443 to be accessible outside the machine Benchmark is running on. +* runRemoteAccessibleBenchmark.sh - like the above but allows port 8443 to be accessible outside the machine Benchmark + is running on. From e36b02892b6ab6cc950c23c50f585e57e2455dab Mon Sep 17 00:00:00 2001 From: davewichers Date: Sun, 11 Jan 2026 14:42:27 -0500 Subject: [PATCH 15/22] Add instructions on how to publish the updated Benchmark for Java Docker image to Docker Hub. --- VMs/buildDockerImage.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/VMs/buildDockerImage.sh b/VMs/buildDockerImage.sh index 6c96f0a8c1..b0dd310374 100755 --- a/VMs/buildDockerImage.sh +++ b/VMs/buildDockerImage.sh @@ -11,3 +11,6 @@ fi docker image rm benchmark:latest docker build -t benchmark . +# Once verified/tested, to publish an update to the OWASP Benchmark Docker image, run the following: +# docker push owasp/benchmark:latest + From 6ff6662570ee9a8e191b0bed91b256b14094c985 Mon Sep 17 00:00:00 2001 From: Sascha Knoop Date: Sun, 11 Jan 2026 22:15:00 +0100 Subject: [PATCH 16/22] remove linebreaks --- README.md | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index f3cd9edf60..fd9787cd08 100644 --- a/README.md +++ b/README.md @@ -1,25 +1,12 @@ # OWASP Benchmark for Java +The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security Testing (AST) tool, including SAST, DAST (like ZAP), and IAST tools. The intent is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable so it's a fair test for any kind of application vulnerability detection tool. -The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection -tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security -Testing (AST) tool, including SAST, DAST (like ZAP), and IAST tools. The intent -is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable so it's a -fair test for any kind of application vulnerability detection tool. +The Benchmark project also includes scorecard generators for numerous open source and commercial AST tools, and the set of supported tools is growing all the time. This scoring capability is implemented in the BenchmarkUtils project, which is at: https://github.com/OWASP-Benchmark/BenchmarkUtils. -The Benchmark project also includes scorecard generators for numerous open source and commercial AST tools, and the set -of supported tools is growing all the time. This scoring capability is implemented in the BenchmarkUtils project, which -is at: https://github.com/OWASP-Benchmark/BenchmarkUtils. +The project documentation is all on the OWASP site at the OWASP Benchmark project pages. Please refer to that site for all the project details. -The project documentation is all on the OWASP site at the OWASP -Benchmark project pages. Please refer to that site for all the project details. - -The current latest release is v1.2. Note that all the releases that are available -here: https://github.com/OWASP-Benchmark/BenchmarkJava/releases, are historical. The latest release is always available -live by -simply cloning or pulling the head of this repository (i.e., git pull). +The current latest release is v1.2. Note that all the releases that are available here: https://github.com/OWASP-Benchmark/BenchmarkJava/releases, are historical. The latest release is always available live by simply cloning or pulling the head of this repository (i.e., git pull). Running Benchmark Itself: - * runBenchmark.sh - run the Benchmark Web Application (accessible via local machine only) -* runRemoteAccessibleBenchmark.sh - like the above but allows port 8443 to be accessible outside the machine Benchmark - is running on. +* runRemoteAccessibleBenchmark.sh - like the above but allows port 8443 to be accessible outside the machine Benchmark is running on. From 89214f78c3f9b8bda351e00c43f28967f7f67564 Mon Sep 17 00:00:00 2001 From: Dave Wichers Date: Tue, 13 Jan 2026 17:40:35 -0500 Subject: [PATCH 17/22] Make database helper method private since not intended to be used by test cases. --- src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java b/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java index 15f206770d..3d271a3f47 100644 --- a/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java +++ b/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java @@ -41,6 +41,7 @@ public class DatabaseHelper { new org.owasp.benchmark.helpers.HibernateUtil(true); public static final boolean hideSQLErrors = false; // If we want SQL Exceptions to be suppressed from being displayed to the user of + // the web app. static { @@ -168,7 +169,7 @@ public static java.sql.Connection getSqlConnection() { return conn; } - public static void executeSQLCommand(String sql) throws Exception { + private static void executeSQLCommand(String sql) throws Exception { Statement stmt = getSqlStatement(); stmt.executeUpdate(sql); } From e9f8ac9d5f524d0d81c62f80559ec1dc3d204e8e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jan 2026 12:35:02 +0000 Subject: [PATCH 18/22] Bump com.fasterxml.jackson.core:jackson-databind from 2.20.1 to 2.21.0 Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.20.1 to 2.21.0. - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-version: 2.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2d82960bd9..7b1509d97a 100644 --- a/pom.xml +++ b/pom.xml @@ -854,7 +854,7 @@ com.fasterxml.jackson.core jackson-databind - 2.20.1 + 2.21.0 From 76387129051b423fd7fe52d6e9ec2b539c8629f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jan 2026 12:35:15 +0000 Subject: [PATCH 19/22] Bump org.codehaus.mojo:versions-maven-plugin from 2.20.1 to 2.21.0 Bumps [org.codehaus.mojo:versions-maven-plugin](https://github.com/mojohaus/versions) from 2.20.1 to 2.21.0. - [Release notes](https://github.com/mojohaus/versions/releases) - [Changelog](https://github.com/mojohaus/versions/blob/master/ReleaseNotes.md) - [Commits](https://github.com/mojohaus/versions/compare/2.20.1...2.21.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:versions-maven-plugin dependency-version: 2.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2d82960bd9..a89e89971f 100644 --- a/pom.xml +++ b/pom.xml @@ -1059,7 +1059,7 @@ org.codehaus.mojo versions-maven-plugin - 2.20.1 + 2.21.0 From f63d410c1925b387e94cdd08ed948b4db5d12bbc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 23 Jan 2026 11:05:46 +0000 Subject: [PATCH 20/22] Bump com.diffplug.spotless:spotless-maven-plugin from 3.1.0 to 3.2.0 Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/diffplug/spotless/releases) - [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md) - [Commits](https://github.com/diffplug/spotless/compare/lib/3.1.0...lib/3.2.0) --- updated-dependencies: - dependency-name: com.diffplug.spotless:spotless-maven-plugin dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8dcb51f1c3..13049270bb 100644 --- a/pom.xml +++ b/pom.xml @@ -1104,7 +1104,7 @@ com.diffplug.spotless spotless-maven-plugin - 3.1.0 + 3.2.0 origin/master From b66269f5f0441425d18a4fde87f93e1f6c0168d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Jan 2026 11:03:43 +0000 Subject: [PATCH 21/22] Bump com.diffplug.spotless:spotless-maven-plugin from 3.2.0 to 3.2.1 Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/diffplug/spotless/releases) - [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md) - [Commits](https://github.com/diffplug/spotless/compare/lib/3.2.0...maven/3.2.1) --- updated-dependencies: - dependency-name: com.diffplug.spotless:spotless-maven-plugin dependency-version: 3.2.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 13049270bb..2b86f0676b 100644 --- a/pom.xml +++ b/pom.xml @@ -1104,7 +1104,7 @@ com.diffplug.spotless spotless-maven-plugin - 3.2.0 + 3.2.1 origin/master From ab0b0ce1496565f5cc07ae3ffd9e22de916bef67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 Jan 2026 11:05:36 +0000 Subject: [PATCH 22/22] Bump commons-codec:commons-codec from 1.20.0 to 1.21.0 Bumps [commons-codec:commons-codec](https://github.com/apache/commons-codec) from 1.20.0 to 1.21.0. - [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt) - [Commits](https://github.com/apache/commons-codec/compare/rel/commons-codec-1.20.0...rel/commons-codec-1.21.0) --- updated-dependencies: - dependency-name: commons-codec:commons-codec dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2b86f0676b..1bdb59f2ad 100644 --- a/pom.xml +++ b/pom.xml @@ -624,7 +624,7 @@ commons-codec commons-codec - 1.20.0 + 1.21.0