From 362f51902915dface3d83ca6ed2bdc377272480f Mon Sep 17 00:00:00 2001 From: Rundeck CI Date: Wed, 1 Jul 2026 09:51:20 -0700 Subject: [PATCH] RUN-4569 Mitigate Jackson CVE-2026-54512/54513 Bump rundeck-core to 6.1.0-SNAPSHOT, which pulls the patched jackson-databind 2.22.0 transitively and mitigates CVE-2026-54512 / CVE-2026-54513. - Standardize the axion-release plugin to 1.21.2. - Add the Central Portal Snapshots repository so the SNAPSHOT resolves. --- build.gradle | 7 +++++++ gradle/libs.versions.toml | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 0b1013b..e3d291a 100644 --- a/build.gradle +++ b/build.gradle @@ -39,6 +39,13 @@ apply plugin: 'java' repositories { mavenCentral() + maven { + name = 'Central Portal Snapshots' + url = 'https://central.sonatype.com/repository/maven-snapshots/' + content { + includeGroup('org.rundeck') + } + } } configurations { diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index df6c554..1cd830b 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -1,11 +1,11 @@ [versions] # Plugins -axionRelease = "1.18.18" +axionRelease = "1.21.2" nexusPublish = "1.3.0" # Libraries groovy = "4.0.29" junit = "4.13.2" -rundeckCore = "6.0.0-alpha1-20260407" +rundeckCore = "6.1.0-SNAPSHOT" slf4j = "1.7.36" jgit = "6.6.1.202309021850-r" jgitSshApache = "6.6.1.202309021850-r"