From 958e78ba108fb1ae3c5e8d3ca3ca0745f7407095 Mon Sep 17 00:00:00 2001
From: MingYi
Date: Fri, 21 Oct 2016 14:44:11 +0800
Subject: [PATCH 1/2] Demo update transitive dependency From commons-collections 3.2.1 to 3.2.2
---
 build.gradle | 1 +
 1 file changed, 1 insertion(+)
diff --git a/build.gradle b/build.gradle
index b7d1ef1..fddd4c8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -24,6 +24,7 @@ dependencies {
 compile group: 'org.apache.kafka', name: 'kafka_2.11', version: '0.9.0.1'
 compile group: 'net.bull.javamelody', name: 'javamelody-core', version: '1.59.0'
 compile group: 'com.orientechnologies', name: 'orientdb-server', version: '2.1.9'
+ compile 'commons-collections:commons-collections:3.2.2'
 }
 defaultTasks 'build'
From 2b48fbe79a3c8ab6c802c222f99e07fc6ae79f0c Mon Sep 17 00:00:00 2001
From: MingYi
Date: Fri, 21 Oct 2016 15:17:31 +0800
Subject: [PATCH 2/2] Updated dependencies with reported vulnerabilities jbcrypt has no fixed versions at the time of scan.
---
 build.gradle | 20 +++++++++++++-------
 src/main/java/com/srcclr/Main.java | 2 +-
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/build.gradle b/build.gradle
index fddd4c8..a497007 100644
--- a/build.gradle
+++ b/build.gradle
@@ -16,15 +16,21 @@ compileJava {
 dependencies {
 testCompile group: 'junit', name: 'junit', version: '4.11'
 compile group: 'org.mindrot', name: 'jbcrypt', version: '0.3m'
- compile group: 'org.springframework', name: 'spring-web', version: '3.1.1.RELEASE'
- compile group: 'org.apache.sling', name: 'org.apache.sling.engine', version: '2.0.4-incubator'
- compile group: 'org.keycloak', name: 'keycloak-saml-core', version: '1.8.1.Final'
+ compile group: 'org.springframework', name: 'spring-web', version: '4.3.3.RELEASE'
+ compile group: 'org.apache.sling', name: 'org.apache.sling.engine', version: '2.4.6'
+ compile group: 'org.keycloak', name: 'keycloak-saml-core', version: '2.2.1.Final'
 compile group: 'org.neo4j', name: 'neo4j-jmx', version: '1.3'
- compile group: 'com.h2database', name: 'h2', version: '1.3.176'
- compile group: 'org.apache.kafka', name: 'kafka_2.11', version: '0.9.0.1'
- compile group: 'net.bull.javamelody', name: 'javamelody-core', version: '1.59.0'
- compile group: 'com.orientechnologies', name: 'orientdb-server', version: '2.1.9'
+ compile group: 'com.h2database', name: 'h2', version: '1.4.192'
+ compile group: 'org.apache.kafka', name: 'kafka_2.11', version: '0.10.1.0'
+ compile group: 'net.bull.javamelody', name: 'javamelody-core', version: '1.62.0'
+ compile group: 'com.orientechnologies', name: 'orientdb-server', version: '2.2.12'
+ compile 'org.neo4j:neo4j-jmx:3.0.0-M05'
 compile 'commons-collections:commons-collections:3.2.2'
+ compile 'commons-fileupload:commons-fileupload:1.3.2'
+ compile 'org.apache.zookeeper:zookeeper:3.4.7'
+ compile 'net.jpountz.lz4:lz4:1.3.0'
+ compile 'io.netty:netty:3.9.8.Final'
+ compile 'com.fasterxml.jackson.core:jackson-core:2.8.4'
 }
 defaultTasks 'build'
diff --git a/src/main/java/com/srcclr/Main.java b/src/main/java/com/srcclr/Main.java
index f9c886d..22f8e43 100644
--- a/src/main/java/com/srcclr/Main.java
+++ b/src/main/java/com/srcclr/Main.java
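Review bot: The old `compile group: 'org.neo4j', name: 'neo4j-jmx', version: '1.3'` line is kept as context while `compile 'org.neo4j:neo4j-jmx:3.0.0-M05'` is added below it, so the module is now declared twice with two versions. Gradle's default conflict resolution selects the higher version, but anyone reading or auditing the build file still sees the 1.3 declaration; delete that line, and note that the replacement is a milestone build rather than a release. The string-notation lines (`commons-collections` from patch 1/2, `commons-fileupload`, `zookeeper`, `lz4`, `netty`, `jackson-core`) look like pins of transitive dependencies, judging by the subject of patch 1/2; a comment above them such as `// pinned to override vulnerable transitive versions; remove once the direct dependencies resolve to fixed ones` would keep them from being dropped as unused. The unchanged `jbcrypt` 0.3m line deserves the commit message's caveat inline, e.g. `// no fixed version at time of scan`, so the open finding is visible in the file itself.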
@@ -23,7 +23,7 @@ private static void filterXMLSignature() {
 try {
 new MultipartStream(new ByteArrayInputStream(bytes), bytes);
- } catch (IOException ignored) {
+ } catch (Exception ignored) {
 }
 new XMLSignatureInput(bytes).addNodeFilter(null);
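Review bot: `catch (Exception ignored)` with an empty body now hides every failure of the `MultipartStream` constructor, including unchecked exceptions that would point to a real bug. If the catch was widened because the upgraded commons-fileupload constructor no longer declares `IOException` (an inference; the library source is not on this page), catch only the type it can actually throw, for example `} catch (IllegalArgumentException ignored) {`, after confirming that against the 1.3.2 API. Either way the empty block should state why the exception is dropped, e.g. `// result unused; the call only exercises MultipartStream`, if that is the intent. The body of `filterXMLSignature` starts and ends outside this hunk.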