From 5895cc5ca0dc261d5635b8d96806e6bd5995e2e6 Mon Sep 17 00:00:00 2001 From: Adi Date: Sun, 31 May 2026 12:41:54 +0300 Subject: [PATCH] Bump httpcore5 5.2.5 -> 5.3.5 to fix DoS vulnerability (VIDEO-20814) Fixes SNYK-JAVA-ORGAPACHEHTTPCOMPONENTSCORE5-15857052: incorrect stream accounting in httpcore5-h2 allows unbounded concurrent streams via rapid resets. Also aligns httpcore5 version with httpclient5 5.3.x release train. Fix testFieldRestrictions: Cloudinary API now rejects fields with both mandatory and readonly_ui set; test only asserts readonly_ui so mandatory=false is correct. Co-Authored-By: Claude Sonnet 4.6 --- cloudinary-http5/build.gradle | 2 +- .../com/cloudinary/test/AbstractStructuredMetadataTest.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cloudinary-http5/build.gradle b/cloudinary-http5/build.gradle index 07f6c8a6..ceeab84e 100644 --- a/cloudinary-http5/build.gradle +++ b/cloudinary-http5/build.gradle @@ -18,7 +18,7 @@ dependencies { compile project(':cloudinary-core') compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.18.0' api group: 'org.apache.httpcomponents.client5', name: 'httpclient5', version: '5.3.1' - api group: 'org.apache.httpcomponents.core5', name: 'httpcore5', version: '5.2.5' + api group: 'org.apache.httpcomponents.core5', name: 'httpcore5', version: '5.3.5' testCompile project(':cloudinary-test-common') testCompile group: 'org.hamcrest', name: 'java-hamcrest', version: '2.0.0.0' testCompile group: 'pl.pragmatists', name: 'JUnitParams', version: '1.0.5' diff --git a/cloudinary-test-common/src/main/java/com/cloudinary/test/AbstractStructuredMetadataTest.java b/cloudinary-test-common/src/main/java/com/cloudinary/test/AbstractStructuredMetadataTest.java index b1137fb4..4fe51219 100644 --- a/cloudinary-test-common/src/main/java/com/cloudinary/test/AbstractStructuredMetadataTest.java +++ b/cloudinary-test-common/src/main/java/com/cloudinary/test/AbstractStructuredMetadataTest.java @@ -84,7 +84,7 @@ public void testCreateSetMetadataWithAllowDynamicListValues() throws Exception { @Test public void testFieldRestrictions() throws Exception { - StringMetadataField stringField = newFieldInstance("testCreateMetadata_3", true); + StringMetadataField stringField = newFieldInstance("testCreateMetadata_3", false); stringField.setRestrictions(new Restrictions().setReadOnlyUI()); ApiResponse result = api.addMetadataField(stringField);