From 15e8dcb75b2a5a2195054aa261d05b2a1d984126 Mon Sep 17 00:00:00 2001
From: chethann007 <gchethan7602@gmail.com>
Date: Mon, 9 Mar 2026 15:08:05 +0530
Subject: [PATCH] fix: security patches for docker images and maven
 dependencies

---
 build/lern/Dockerfile         |  2 +-
 build/lms/Dockerfile          |  3 ++-
 build/notification/Dockerfile |  3 ++-
 build/userorg/Dockerfile      |  3 ++-
 pom.xml                       | 16 +++++++++++++++-
 5 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/build/lern/Dockerfile b/build/lern/Dockerfile
index a7c4e4b..40c1b7e 100644
--- a/build/lern/Dockerfile
+++ b/build/lern/Dockerfile
@@ -10,7 +10,7 @@ RUN unzip lern-service-impl-1.0-SNAPSHOT-dist.zip
 FROM eclipse-temurin:11-jre-alpine
 
 RUN apk upgrade --no-cache \
-    && apk add --no-cache curl \
+    && apk add --no-cache curl "zlib>=1.3.2-r0" \
     && adduser -u 1001 -h /home/sunbird/ -D sunbird \
     && mkdir -p /home/sunbird/
 
diff --git a/build/lms/Dockerfile b/build/lms/Dockerfile
index 4505225..0e19c3a 100644
--- a/build/lms/Dockerfile
+++ b/build/lms/Dockerfile
@@ -11,7 +11,8 @@ FROM adoptopenjdk/openjdk11:alpine-slim
 
 RUN adduser -u 1001 -h /home/sunbird/ -D sunbird \
     && mkdir -p /home/sunbird/ \
-    && apk add --no-cache curl
+    && apk upgrade --no-cache \
+    && apk add --no-cache curl "zlib>=1.3.2-r0"
 
 WORKDIR /home/sunbird/
 COPY --from=builder --chown=sunbird:sunbird /app/lms-service-1.0-SNAPSHOT /home/sunbird/lms-service-1.0-SNAPSHOT
diff --git a/build/notification/Dockerfile b/build/notification/Dockerfile
index 42fa1c3..45b556d 100644
--- a/build/notification/Dockerfile
+++ b/build/notification/Dockerfile
@@ -11,7 +11,8 @@ FROM adoptopenjdk/openjdk11:alpine-slim
 
 RUN adduser -u 1001 -h /home/sunbird/ -D sunbird \
     && mkdir -p /home/sunbird/ \
-    && apk add --no-cache curl
+    && apk upgrade --no-cache \
+    && apk add --no-cache curl "zlib>=1.3.2-r0"
 
 WORKDIR /home/sunbird/
 COPY --from=builder --chown=sunbird:sunbird /app/notification-service-1.0-SNAPSHOT /home/sunbird/notification-service-1.0-SNAPSHOT
diff --git a/build/userorg/Dockerfile b/build/userorg/Dockerfile
index 70cd33f..ebe30fd 100644
--- a/build/userorg/Dockerfile
+++ b/build/userorg/Dockerfile
@@ -11,7 +11,8 @@ FROM adoptopenjdk/openjdk11:alpine-slim
 
 RUN adduser -u 1001 -h /home/sunbird/ -D sunbird \
     && mkdir -p /home/sunbird \
-    && apk add --no-cache curl
+    && apk upgrade --no-cache \
+    && apk add --no-cache curl "zlib>=1.3.2-r0"
 
 WORKDIR /home/sunbird/
 COPY --from=builder --chown=sunbird:sunbird /app/userorg-service-1.0-SNAPSHOT /home/sunbird/userorg-service-1.0-SNAPSHOT
diff --git a/pom.xml b/pom.xml
index c075971..bb7a456 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,9 @@
         <scala.major.version>2.13</scala.major.version>
         <scala.version>2.13.12</scala.version>
         <pekko.version>1.0.3</pekko.version>
-        <jackson.version>2.17.0</jackson.version>
+        <jackson.version>2.18.6</jackson.version>
+        <c3p0.version>0.12.0</c3p0.version>
+        <mchange-commons-java.version>0.4.0</mchange-commons-java.version>
         <netty.version>4.1.118.Final</netty.version>
         <junit.version>4.13.1</junit.version>
         <powermock.version>2.0.9</powermock.version>
@@ -355,6 +357,18 @@
                 <artifactId>commons-io</artifactId>
                 <version>2.14.0</version>
             </dependency>
+
+            <!-- Security: Force secure versions of transitive c3p0 and mchange-commons-java -->
+            <dependency>
+                <groupId>com.mchange</groupId>
+                <artifactId>c3p0</artifactId>
+                <version>${c3p0.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.mchange</groupId>
+                <artifactId>mchange-commons-java</artifactId>
+                <version>${mchange-commons-java.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>