First commit

RegioneER · Jun 24, 2024 · 45c4a3d · 45c4a3d
1 parent 3a266a7
commit 45c4a3d
Show file tree

Hide file tree

Showing 24 changed files with 2,170 additions and 270 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,8 +1,50 @@
+
+## 1.22.1 (24-06-2024)
+
+### Bugfix: 1
+- [#32811](https://parermine.regione.emilia-romagna.it/issues/32811)  Correzione gestione "log level error" nei casi di errori "non previsti" da "gestiti in verifica firma digitale"
+
+## 1.22.0 (12-06-2024)
+
+### Novità: 1
+- [#32708](https://parermine.regione.emilia-romagna.it/issues/32708) Disattivazione PDF/PADES validation security checks (DSS)
+
+## 1.21.0 (10-06-2024)
+
+### Novità: 1
+- [#32690](https://parermine.regione.emilia-romagna.it/issues/32690)  Introduzione di logica centralizzata per invocazione revocation URL via "single client instance" (DSS)
+
+## 1.20.0 (06-06-2024)
+
+### Novità: 1
+- [#32661](https://parermine.regione.emilia-romagna.it/issues/32661) Ottimizzazione/Re-factor apache client utilizzato per recupero documento da verificare e parametro per disattivazione verifica SSL
+
+## 1.19.0 (31-05-2024)
+
+### Novità: 1
+- [#32644](https://parermine.regione.emilia-romagna.it/issues/32644) Introduzione logging JSON body request
+
+## 1.18.0 (22-05-2024)
+
+### Novità: 1
+- [#32595](https://parermine.regione.emilia-romagna.it/issues/32595) Introduzione Apache basic client "no-retry" per recupero oggetto da object storage
+
+## 1.17.0 (10-04-2024)
+
+### Novità: 2
+- [#31808](https://parermine.regione.emilia-romagna.it/issues/31808) Rilassamento vincoli con verifica OCSP e data certificato antecedenete a quella del responder
+- [#31709](https://parermine.regione.emilia-romagna.it/issues/31709) Gestione migliorata sorgenti revoche (cache / online)
+
 ## 1.16.0 (14-03-2024)
 
 ### Novità: 1
 - [#31419](https://parermine.regione.emilia-romagna.it/issues/31419) Attivazione statistiche per monitoraggio con prometheus
 
+## 1.15.1 (16-02-2024)
+
+### Bugfix: 1
+- [#31275](https://parermine.regione.emilia-romagna.it/issues/31275) Correzione errore PKI su https://elektroninisparasas.lt/LT-TSL.xml
+
 ## 1.15.0 (29-01-2024)
 
 ### Novità: 2

diff --git a/CONTAINER-SCAN-REPORT.md b/CONTAINER-SCAN-REPORT.md
@@ -1,7 +1,15 @@
 ## Container scan evidence CVE
 <strong>Image name:</strong> registry.ente.regione.emr.it/parer/okd/verifica-firma-eidas:sast
-<br/><strong>Run date:</strong> Mon Jan 29 12:20:03 CET 2024
-<br/><strong>Produced by:</strong> <a href="https://gitlab.ente.regione.emr.it/parer/okd/verifica-firma-eidas/-/jobs/156713">Job</a>
-<br/><strong>CVE founded:</strong> 0
+<br/><strong>Run date:</strong> Mon Jun 24 11:42:47 CEST 2024
+<br/><strong>Produced by:</strong> <a href="https://gitlab.ente.regione.emr.it/parer/okd/verifica-firma-eidas/-/jobs/274963">Job</a>
+<br/><strong>CVE founded:</strong> 8
 | CVE | Description | Severity | Solution | 
 |:---:|:---|:---:|:---|
+| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc to 2.28-251.el8_10.1|
+| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3344)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow.  This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc to 2.28-251.el8_10.2|
+| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc-common to 2.28-251.el8_10.1|
+| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3344)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow.  This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc-common to 2.28-251.el8_10.2|
+| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc-minimal-langpack to 2.28-251.el8_10.1|
+| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3344)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow.  This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc-minimal-langpack to 2.28-251.el8_10.2|
+| [CVE-2023-6597](http://www.openwall.com/lists/oss-security/2024/03/20/5)|An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.|High|Upgrade platform-python to 3.6.8-62.el8_10|
+| [CVE-2023-6597](http://www.openwall.com/lists/oss-security/2024/03/20/5)|An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.|High|Upgrade python3-libs to 3.6.8-62.el8_10|
diff --git a/Dockerfile b/Dockerfile
@@ -77,7 +77,7 @@
 #   accessed directly. (example: "foo.example.com,bar.example.com")
 #
 ###
-FROM registry.access.redhat.com/ubi8/openjdk-17:1.18
+FROM registry.access.redhat.com/ubi8/openjdk-17:1.19
 
 LABEL io.k8s.description="Microservizio verifica firma EIDAS (basato su immagine ubi RedHat)" \
       io.k8s.display-name="Verifica firma EIDAS" \

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -1,4 +1,4 @@
-## 1.16.0 (14-03-2024)
+## 1.22.1 (24-06-2024)
 
-### Novità: 1
-- [#31419](https://parermine.regione.emilia-romagna.it/issues/31419) Attivazione statistiche per monitoraggio con prometheus
+### Bugfix: 1
+- [#32811](https://parermine.regione.emilia-romagna.it/issues/32811)  Correzione gestione "log level error" nei casi di errori "non previsti" da "gestiti in verifica firma digitale"
diff --git a/docker_build/certs/rer_ca.crt b/docker_build/certs/rer_ca.crt
diff --git a/docker_build/certs/rer_ca01.crt b/docker_build/certs/rer_ca01.crt
diff --git a/docker_build/certs/rer_rootca.crt b/docker_build/certs/rer_rootca.crt
diff --git a/docker_build/certs/rer_rootcat01.crt b/docker_build/certs/rer_rootcat01.crt
diff --git a/pom.xml b/pom.xml
@@ -2,15 +2,16 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>verifica-firma-eidas</artifactId>
-	<version>1.16.1-SNAPSHOT</version>
+	<version>1.22.1</version>
 	<packaging>${packaging.type}</packaging>
 	<name>Verifica Firma EIDAS</name>
 	<description>Progetto per effettuare firme e validazioni con librerie DSS (EIDAS)</description>
+	<url>https://nexus.ente.regione.emr.it/repository/parer-site/verifica-firma-eidas/${project.version}/</url>
 
 	<parent>
 		<groupId>it.eng.parer</groupId>
 		<artifactId>parer-pom</artifactId>
-		<version>4.2.0</version>
+		<version>5.2.1</version>
 	</parent>
 
     <properties>
@@ -43,24 +44,17 @@
 	</properties>
 
     <scm>
-	<developerConnection>scm:git:https://github.com/RegioneER/parer-verifica-firma-eidas.git</developerConnection>
-        <tag>HEAD</tag>
+        <developerConnection>scm:git:[email protected]:parer/okd/verifica-firma-eidas.git</developerConnection>
+        <tag>verifica-firma-eidas-1.22.1</tag>
     </scm>
 
     <distributionManagement>
-        <repository>
-	   <id>github</id>
-	   <url>https://maven.pkg.github.com/RegioneER/parer-verifica-firma-eidas</url>
-	 </repository>      
+        <site>
+            <id>site</id>
+            <url>dav:https://nexus.ente.regione.emr.it/repository/parer-site/verifica-firma-eidas/${project.version}</url>
+        </site>
     </distributionManagement>
 
-     <repositories>
-        <repository>
-            <id>github</id>
-            <url>https://maven.pkg.github.com/RegioneER/parer-framework-parerpom</url>            
-        </repository>               
-      </repositories>
-
 	<dependencyManagement>
 		<dependencies>
 		    <!-- DSS bom -->