companieshouse
diff --git a/‎pom.xml‎
Lines changed: 46 additions & 7 deletions b/‎pom.xml‎
Lines changed: 46 additions & 7 deletions
diff --git a/‎src/main/java/uk/gov/companieshouse/search/api/SearchApiApplication.java‎
Lines changed: 5 additions & 3 deletions b/‎src/main/java/uk/gov/companieshouse/search/api/SearchApiApplication.java‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎src/main/java/uk/gov/companieshouse/search/api/config/ElasticSearchConfig.java‎
Lines changed: 17 additions & 14 deletions b/‎src/main/java/uk/gov/companieshouse/search/api/config/ElasticSearchConfig.java‎
Lines changed: 17 additions & 14 deletions
diff --git a/‎src/main/java/uk/gov/companieshouse/search/api/controller/AdvancedSearchController.java‎
Lines changed: 0 additions & 2 deletions b/‎src/main/java/uk/gov/companieshouse/search/api/controller/AdvancedSearchController.java‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/main/java/uk/gov/companieshouse/search/api/controller/AlphabeticalSearchController.java‎
Lines changed: 0 additions & 2 deletions b/‎src/main/java/uk/gov/companieshouse/search/api/controller/AlphabeticalSearchController.java‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/main/java/uk/gov/companieshouse/search/api/controller/DissolvedSearchController.java‎
Lines changed: 0 additions & 2 deletions b/‎src/main/java/uk/gov/companieshouse/search/api/controller/DissolvedSearchController.java‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/main/java/uk/gov/companieshouse/search/api/elasticsearch/AbstractSearchRequest.java‎
Lines changed: 5 additions & 5 deletions b/‎src/main/java/uk/gov/companieshouse/search/api/elasticsearch/AbstractSearchRequest.java‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎src/main/java/uk/gov/companieshouse/search/api/elasticsearch/AlphabeticalSearchRequests.java‎
Lines changed: 13 additions & 3 deletions b/‎src/main/java/uk/gov/companieshouse/search/api/elasticsearch/AlphabeticalSearchRequests.java‎
Lines changed: 13 additions & 3 deletions
diff --git a/‎src/main/java/uk/gov/companieshouse/search/api/elasticsearch/DisqualifiedSearchUpsertRequest.java‎
Lines changed: 1 addition & 1 deletion b/‎src/main/java/uk/gov/companieshouse/search/api/elasticsearch/DisqualifiedSearchUpsertRequest.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/uk/gov/companieshouse/search/api/elasticsearch/DissolvedSearchRequests.java‎
Lines changed: 10 additions & 3 deletions b/‎src/main/java/uk/gov/companieshouse/search/api/elasticsearch/DissolvedSearchRequests.java‎
Lines changed: 10 additions & 3 deletions
@@ -19,22 +19,24 @@
 
     <properties>
         <java.version>21</java.version>
-        <api-sdk-java.version>6.2.9</api-sdk-java.version>
+        <api-sdk-java.version>6.4.4</api-sdk-java.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <start-class>uk.gov.companieshouse.search.api.SearchApiApplication</start-class>
         <api-helper-java.version>3.0.1</api-helper-java.version>
-        <api-security-java.version>2.0.8</api-security-java.version>
-        <private-api-sdk-java.version>4.0.291</private-api-sdk-java.version>
+        <api-security-java.version>2.0.14</api-security-java.version>
+        <private-api-sdk-java.version>4.0.337</private-api-sdk-java.version>
 
+
+        <commons-lang3.version>3.18.0</commons-lang3.version>
         <!-- Elastic Search -->
         <elasticsearch.version>7.9.3</elasticsearch.version>
 
         <!-- Docker -->
         <jib-maven-plugin.version>3.4.4</jib-maven-plugin.version>
 
         <!-- Structured logging -->
-        <structured-logging.version>3.0.31</structured-logging.version>
+        <structured-logging.version>3.0.38</structured-logging.version>
         <log4j.version>2.23.1</log4j.version>
 
         <!-- Maven and Surefire plugins -->
@@ -60,10 +62,15 @@
         <artifactoryResolveSnapshotRepo>libs-snapshot-local</artifactoryResolveSnapshotRepo>
         <artifactoryResolveReleaseRepo>virtual-release</artifactoryResolveReleaseRepo>
 
-        <environment-reader-library.version>3.0.1</environment-reader-library.version>
+        <environment-reader-library.version>3.0.3</environment-reader-library.version>
+
+        <spring-boot-dependencies.version>3.5.5</spring-boot-dependencies.version>
+        <spring-boot-maven-plugin.version>3.5.5</spring-boot-maven-plugin.version>
+        <!-- version added to resolve CVE-2025-41249-->
+        <spring-core.version>6.2.11</spring-core.version>
+        <!-- version added to resolve CVE-2025-41248 -->
+        <spring-security-core.version>6.5.4</spring-security-core.version>
 
-        <spring-boot-dependencies.version>3.4.5</spring-boot-dependencies.version>
-        <spring-boot-maven-plugin.version>3.4.5</spring-boot-maven-plugin.version>
         <skip.unit.tests>false</skip.unit.tests>
         <skip.integration.tests>false</skip.integration.tests>
     </properties>
@@ -86,6 +93,18 @@
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
         </dependency>
+        <!-- version added to resolve CVE-2025-41249-->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>${spring-security-core.version}</version>
+        </dependency>
+        <!--Added to resolve CVE-2025-41248-->
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-core</artifactId>
+            <version>${spring-core.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
@@ -97,6 +116,13 @@
             </exclusions>
         </dependency>
 
+        <!-- added to resolve CVE-2025-48924(5.3) transitive dependency of api-security-java needing latest version  -->
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>${commons-lang3.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-validation</artifactId>
@@ -148,6 +174,19 @@
             <groupId>org.sonarsource.scanner.maven</groupId>
             <artifactId>sonar-maven-plugin</artifactId>
             <version>${sonar-maven-plugin.version}</version>
+            <exclusions>
+                <exclusion>
+                    <!-- To resolve CVE-2025-48924, excluding commonslang which has no version later than 2.6 -->
+                    <groupId>commons-lang</groupId>
+                    <artifactId>commons-lang</artifactId>
+                </exclusion>
+                <exclusion>
+                    <!--To resolve CVE-2023-0833, excluding sonarsource.scanner.api
+                    which has no version later than 2.16.3.1081 -->
+                    <groupId>org.sonarsource.scanner.api</groupId>
+                    <artifactId>sonar-scanner-api</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
 
@@ -1,6 +1,5 @@
 package uk.gov.companieshouse.search.api;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -13,12 +12,15 @@ public class SearchApiApplication implements WebMvcConfigurer {
 
     public static final String APPLICATION_NAME_SPACE = "search.api.ch.gov.uk";
 
-    @Autowired
     private UserAuthorisationInterceptor authorisationInterceptor;
 
-    @Autowired
     private LoggingInterceptor loggingInterceptor;
 
+    public SearchApiApplication(UserAuthorisationInterceptor authorisationInterceptor, LoggingInterceptor loggingInterceptor) {
+        this.authorisationInterceptor = authorisationInterceptor;
+        this.loggingInterceptor = loggingInterceptor;
+    }
+
     public static void main(String[] args) {
         SpringApplication.run(SearchApiApplication.class, args);
     }
 
@@ -1,12 +1,12 @@
 package uk.gov.companieshouse.search.api.config;
 
 import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.URL;
 import org.apache.http.HttpHost;
 import org.elasticsearch.client.RestClient;
 import org.elasticsearch.client.RestHighLevelClient;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import uk.gov.companieshouse.environment.EnvironmentReader;
@@ -15,50 +15,53 @@
 @Configuration
 public class ElasticSearchConfig {
 
-    @Autowired
-    private EnvironmentReader environmentReader;
+    private final EnvironmentReader environmentReader;
+
+    public ElasticSearchConfig(EnvironmentReader environmentReader) {
+        this.environmentReader = environmentReader;
+    }
 
     // These are currently pointing at the existing ES instance, will need to be updated in the configs for both
     private static final String ALPHABETICAL_SEARCH_URL = "ELASTIC_SEARCH_URL";
     private static final String DISSOLVED_SEARCH_URL = "DISSOLVED_SEARCH_URL";
     private static final String ADVANCED_SEARCH_URL = "ADVANCED_SEARCH_URL";
     private static final String PRIMARY_SEARCH_URL = "PRIMARY_SEARCH_URL";
 
-    @Qualifier("alphabeticalClient")
     @Bean(destroyMethod = "close")
     public RestHighLevelClient alphabeticalRestClient() {
         return createClient(ALPHABETICAL_SEARCH_URL);
     }
 
-    @Qualifier("advancedClient")
     @Bean(destroyMethod = "close")
     public RestHighLevelClient advancedRestClient() {
         return createClient(ADVANCED_SEARCH_URL);
     }
 
-    @Qualifier("dissolvedClient")
+
     @Bean(destroyMethod = "close")
     public RestHighLevelClient dissolvedRestClient() {
         return createClient(DISSOLVED_SEARCH_URL);
     }
 
-    @Qualifier("primaryClient")
     @Bean(destroyMethod = "close")
-    public RestHighLevelClient primaryClient() {
+    public RestHighLevelClient primaryRestClient() {
         return createClient(PRIMARY_SEARCH_URL);
     }
 
     public RestHighLevelClient createClient(String url) {
-
         URL endpoint;
         try {
-            endpoint = new URL(environmentReader.getMandatoryString(url));
-        } catch (MalformedURLException e) {
-            throw new EndpointException(url + " environment variable is malformed; expected format is <protocol>://<host>[:port]");
+            String rawUrl = environmentReader.getMandatoryString(url);
+            URI uri = new URI(rawUrl);
+            endpoint = uri.toURL();
+        } catch (URISyntaxException | MalformedURLException e) {
+            throw new EndpointException(url + "environment variable is malformed; expected format is <protocol>://<host>[:port]");
         }
 
         return new RestHighLevelClient(
                 RestClient.builder(
-                        new HttpHost(endpoint.getHost(), endpoint.getPort(), endpoint.getProtocol())));
+                        new HttpHost(endpoint.getHost(), endpoint.getPort(), endpoint.getProtocol())
+                )
+        );
     }
 }
@@ -19,7 +19,6 @@
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import uk.gov.companieshouse.api.model.company.CompanyProfileApi;
 import uk.gov.companieshouse.logging.util.DataMap;
@@ -75,7 +74,6 @@ public AdvancedSearchController(AdvancedQueryParamMapper queryParamMapper,
     }
 
     @GetMapping("/companies")
-    @ResponseBody
     public ResponseEntity<Object> search(@RequestParam(name = START_INDEX_QUERY_PARAM, required = false) Integer startIndex,
                                          @RequestParam(name = COMPANY_NAME_QUERY_PARAM, required = false) String companyName,
                                          @RequestParam(name = LOCATION_QUERY_PARAM, required = false) String location,
 
@@ -7,7 +7,6 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -63,7 +62,6 @@ public AlphabeticalSearchController(AlphabeticalSearchIndexService searchIndexSe
     }
 
     @GetMapping("/companies")
-    @ResponseBody
     public ResponseEntity<Object> searchByCorporateName(@RequestParam(name = COMPANY_NAME_QUERY_PARAM) String companyName,
                                                    @RequestParam(name = SEARCH_BEFORE_PARAM, required = false) String searchBefore,
                                                    @RequestParam(name = SEARCH_AFTER_PARAM, required = false) String searchAfter,
 
@@ -10,7 +10,6 @@
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import uk.gov.companieshouse.environment.EnvironmentReader;
 import uk.gov.companieshouse.logging.util.DataMap;
@@ -59,7 +58,6 @@ public DissolvedSearchController(DissolvedSearchIndexService searchIndexService,
     }
 
     @GetMapping("/companies")
-    @ResponseBody
     public ResponseEntity<Object> searchCompanies(@RequestParam(name = COMPANY_NAME_QUERY_PARAM) String companyName,
             @RequestParam(name = SEARCH_TYPE_QUERY_PARAM) String searchType,
             @RequestParam(name = SEARCH_BEFORE_PARAM, required = false) String searchBefore,
 
@@ -9,28 +9,28 @@
 import org.elasticsearch.search.SearchHits;
 import org.elasticsearch.search.builder.SearchSourceBuilder;
 import org.elasticsearch.search.sort.SortOrder;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import uk.gov.companieshouse.environment.EnvironmentReader;
 import uk.gov.companieshouse.logging.util.DataMap;
 import uk.gov.companieshouse.search.api.logging.LoggingUtils;
 import uk.gov.companieshouse.search.api.service.rest.RestClientService;
 
 public abstract class AbstractSearchRequest {
-    
     abstract String getIndex();
 
     abstract String getResultsSize();
 
     abstract RestClientService getRestClientService();
 
     abstract AbstractSearchQuery getSearchQuery();
-    
-    @Autowired
+
     private EnvironmentReader environmentReader;
 
     private static final String ORDERED_ALPHA_KEY_WITH_ID = "ordered_alpha_key_with_id";
-    
+
+    protected AbstractSearchRequest(EnvironmentReader environmentReader) {
+        this.environmentReader = environmentReader;
+    }
 
     public SearchHits getBestMatchResponse(String orderedAlphakey, String requestId) throws IOException {
         Map<String, Object> logMap = new DataMap.Builder()
 
@@ -3,21 +3,31 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import uk.gov.companieshouse.environment.EnvironmentReader;
 import uk.gov.companieshouse.search.api.service.rest.RestClientService;
 import uk.gov.companieshouse.search.api.service.rest.impl.AlphabeticalSearchRestClientService;
 
 @Component
 public class AlphabeticalSearchRequests extends AbstractSearchRequest {
 
-    @Autowired
     private AlphabeticalSearchRestClientService searchRestClient;
 
-    @Autowired
     private AlphabeticalSearchQueries alphabeticalSearchQueries;
 
     private static final String INDEX = "ALPHABETICAL_SEARCH_INDEX";
     private static final String RESULTS_SIZE = "ALPHABETICAL_SEARCH_RESULT_MAX";
-    
+
+    @Autowired
+    public AlphabeticalSearchRequests(
+        EnvironmentReader environmentReader,
+        AlphabeticalSearchRestClientService searchRestClient,
+        AlphabeticalSearchQueries alphabeticalSearchQueries
+    ) {
+        super(environmentReader);
+        this.searchRestClient = searchRestClient;
+        this.alphabeticalSearchQueries = alphabeticalSearchQueries;
+    }
+
     @Override
     String getIndex() {
         return INDEX;
 
@@ -5,7 +5,7 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.stereotype.Component;
 
 
@@ -19,19 +19,26 @@
 @Component
 public class DissolvedSearchRequests extends AbstractSearchRequest {
 
-    @Autowired
     private DissolvedSearchRestClientService searchRestClient;
 
-    @Autowired
     private DissolvedSearchQueries searchQueries;
 
-    @Autowired
     private EnvironmentReader environmentReader;
 
     private static final String INDEX = "DISSOLVED_SEARCH_INDEX";
     private static final String RESULTS_SIZE = "DISSOLVED_SEARCH_RESULT_MAX";
     private static final String BEST_MATCH_SEARCH_TYPE = "best-match";
 
+    @Autowired
+    public DissolvedSearchRequests(
+            EnvironmentReader environmentReader,
+            DissolvedSearchRestClientService searchRestClient,
+            DissolvedSearchQueries searchQueries
+    ) {
+        super(environmentReader);
+        this.searchRestClient = searchRestClient;
+        this.searchQueries = searchQueries;
+    }
     @Override
     String getIndex() {
         return INDEX;