From cd6dc7f73f6361c558f206ca3b3b1d752eaf1762 Mon Sep 17 00:00:00 2001
From: kagw95 <aleksandr.kapustin.qubership@gmail.com>
Date: Wed, 11 Feb 2026 20:39:26 +0400
Subject: [PATCH 1/3] fix(security): Bump dependencies versions to fix
 vulnerabilities found by Security-Scanner.

---
 mockingbird-aggregator/pom.xml        |  4 ++
 mockingbird-integration-atp2/pom.xml  |  4 ++
 mockingbird-template-velocity/pom.xml |  4 ++
 parent/parent-dependencies/pom.xml    | 75 +++++++++++++++++++++++----
 parent/parent-java/pom.xml            |  6 ---
 5 files changed, 78 insertions(+), 15 deletions(-)

diff --git a/mockingbird-aggregator/pom.xml b/mockingbird-aggregator/pom.xml
index 5d3179e..3cdb34b 100644
--- a/mockingbird-aggregator/pom.xml
+++ b/mockingbird-aggregator/pom.xml
@@ -449,6 +449,10 @@
             <groupId>org.apache.kafka</groupId>
             <artifactId>kafka-clients</artifactId>
         </dependency>
+        <dependency>
+            <groupId>at.yawk.lz4</groupId>
+            <artifactId>lz4-java</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.kafka</groupId>
             <artifactId>spring-kafka</artifactId>
diff --git a/mockingbird-integration-atp2/pom.xml b/mockingbird-integration-atp2/pom.xml
index 5610179..69406de 100644
--- a/mockingbird-integration-atp2/pom.xml
+++ b/mockingbird-integration-atp2/pom.xml
@@ -73,6 +73,10 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>at.yawk.lz4</groupId>
+            <artifactId>lz4-java</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-sleuth-zipkin</artifactId>
diff --git a/mockingbird-template-velocity/pom.xml b/mockingbird-template-velocity/pom.xml
index 065838d..d6e7c47 100644
--- a/mockingbird-template-velocity/pom.xml
+++ b/mockingbird-template-velocity/pom.xml
@@ -58,6 +58,10 @@
             <groupId>com.nimbusds</groupId>
             <artifactId>nimbus-jose-jwt</artifactId>
         </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.ibm.icu</groupId>
             <artifactId>icu4j</artifactId>
diff --git a/parent/parent-dependencies/pom.xml b/parent/parent-dependencies/pom.xml
index 40ee7d4..cebe582 100644
--- a/parent/parent-dependencies/pom.xml
+++ b/parent/parent-dependencies/pom.xml
@@ -21,6 +21,7 @@
         <atp.itf.core.version>4.4.114</atp.itf.core.version>
         <atp.itf.diameter.lib.version>2.2.7</atp.itf.diameter.lib.version>
         <atp.auth.version>1.2.75</atp.auth.version>
+        <atp.common.version>0.0.47</atp.common.version>
         <atp.multitenancy.version>0.0.13</atp.multitenancy.version>
         <atp.ei.lib.version>0.2.46</atp.ei.lib.version>
         <atp.crypt.version>0.0.24</atp.crypt.version>
@@ -34,7 +35,7 @@
         <com.squareup.okhttp3.okhttp.version>4.9.3</com.squareup.okhttp3.okhttp.version>
         <org.jboss.logging.jboss-logging.version>3.4.3.Final</org.jboss.logging.jboss-logging.version>
         <org.jboss.xnio.version>3.8.14.Final</org.jboss.xnio.version>
-        <io.undertow.undertow-core.version>2.2.38.Final</io.undertow.undertow-core.version>
+        <io.undertow.version>2.2.39.Final</io.undertow.version>
         <com.sun.xml.bind.jaxb.version>2.2.11</com.sun.xml.bind.jaxb.version>
         <com.fasterxml.woodstox.woodstox-core.version>5.0.3</com.fasterxml.woodstox.woodstox-core.version>
         <io.github.openfeign.feign-core.version>11.10</io.github.openfeign.feign-core.version>
@@ -45,6 +46,7 @@
         <com.squareup.okio.okio.version>2.8.0</com.squareup.okio.okio.version>
         <org.apache.cxf.version>3.2.1</org.apache.cxf.version>
         <org.eclipse.jetty.version>9.4.57.v20241219</org.eclipse.jetty.version>
+        <jackson.version>2.15.0</jackson.version>
     </properties>
 
     <dependencyManagement>
@@ -583,6 +585,10 @@
                         <groupId>commons-lang</groupId>
                         <artifactId>commons-lang</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>commons-collections</groupId>
+                        <artifactId>commons-collections</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
             <dependency>
@@ -681,27 +687,27 @@
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
                 <artifactId>jackson-databind</artifactId>
-                <version>2.12.7.1</version>
+                <version>${jackson.version}</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
                 <artifactId>jackson-core</artifactId>
-                <version>2.12.7</version>
+                <version>${jackson.version}</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
                 <artifactId>jackson-annotations</artifactId>
-                <version>2.12.7</version>
+                <version>${jackson.version}</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.datatype</groupId>
                 <artifactId>jackson-datatype-joda</artifactId>
-                <version>2.12.7</version>
+                <version>${jackson.version}</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.module</groupId>
                 <artifactId>jackson-module-jaxb-annotations</artifactId>
-                <version>2.12.7</version>
+                <version>${jackson.version}</version>
             </dependency>
             <dependency>
                 <groupId>commons-codec</groupId>
@@ -840,7 +846,7 @@
             <dependency>
                 <groupId>io.springfox</groupId>
                 <artifactId>springfox-swagger-ui</artifactId>
-                <version>2.9.2</version>
+                <version>2.10.0</version>
             </dependency>
             <dependency>
                 <groupId>com.nimbusds</groupId>
@@ -1027,7 +1033,17 @@
             <dependency>
                 <groupId>io.undertow</groupId>
                 <artifactId>undertow-core</artifactId>
-                <version>${io.undertow.undertow-core.version}</version>
+                <version>${io.undertow.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.undertow</groupId>
+                <artifactId>undertow-servlet</artifactId>
+                <version>${io.undertow.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.undertow</groupId>
+                <artifactId>undertow-websockets-jsr</artifactId>
+                <version>${io.undertow.version}</version>
             </dependency>
             <dependency>
                 <groupId>com.sun.xml.bind</groupId>
@@ -1132,7 +1148,18 @@
             <dependency>
                 <groupId>org.apache.kafka</groupId>
                 <artifactId>kafka-clients</artifactId>
-                <version>3.7.2</version>
+                <version>3.9.1</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.lz4</groupId>
+                        <artifactId>lz4-java</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>at.yawk.lz4</groupId>
+                <artifactId>lz4-java</artifactId>
+                <version>1.10.1</version>
             </dependency>
             <dependency>
                 <groupId>org.postgresql</groupId>
@@ -1145,6 +1172,36 @@
                     </exclusion>
                 </exclusions>
             </dependency>
+            <dependency>
+                <groupId>org.qubership.atp.common</groupId>
+                <artifactId>qubership-atp-common-probes</artifactId>
+                <version>${atp.common.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.qubership.atp.common</groupId>
+                <artifactId>qubership-atp-common-monitoring-undertow</artifactId>
+                <version>${atp.common.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.qubership.atp.common</groupId>
+                <artifactId>qubership-atp-common-utils</artifactId>
+                <version>${atp.common.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.qubership.atp.common</groupId>
+                <artifactId>qubership-atp-common-logging</artifactId>
+                <version>${atp.common.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.assertj</groupId>
+                <artifactId>assertj-core</artifactId>
+                <version>3.27.7</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework.kafka</groupId>
+                <artifactId>spring-kafka</artifactId>
+                <version>2.9.11</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 </project>
diff --git a/parent/parent-java/pom.xml b/parent/parent-java/pom.xml
index e3a3058..9287226 100644
--- a/parent/parent-java/pom.xml
+++ b/parent/parent-java/pom.xml
@@ -12,7 +12,6 @@
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <atp.common.version>0.0.43</atp.common.version>
     </properties>
 
     <dependencyManagement>
@@ -24,11 +23,6 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
-            <dependency>
-                <groupId>org.qubership.atp.common</groupId>
-                <artifactId>qubership-atp-common-probes</artifactId>
-                <version>${atp.common.version}</version>
-            </dependency>
         </dependencies>
     </dependencyManagement>
 

From c0dab43950a087052ab36b00dd8f757f1e41bed6 Mon Sep 17 00:00:00 2001
From: kagw95 <aleksandr.kapustin.qubership@gmail.com>
Date: Thu, 12 Feb 2026 10:54:40 +0400
Subject: [PATCH 2/3] fix(security): Bump dependencies versions: activemq to
 5.16.8, atp-integration to 0.2.42, io.netty to 4.1.125.Final, reactor-netty
 to 1.0.39, guava to 32.0.1-jre, commons-compress to 1.21, nimbus-jose-jwt to
 9.37.2, commons-lang3 to 3.18.0.

---
 mockingbird-core/pom.xml           | 10 ++--
 parent/parent-dependencies/pom.xml | 75 +++++++++++++++++++++---------
 2 files changed, 56 insertions(+), 29 deletions(-)

diff --git a/mockingbird-core/pom.xml b/mockingbird-core/pom.xml
index ef6badb..6a0bb83 100644
--- a/mockingbird-core/pom.xml
+++ b/mockingbird-core/pom.xml
@@ -237,12 +237,10 @@
         <dependency>
             <groupId>org.qubership.atp</groupId>
             <artifactId>atp-itf-core</artifactId>
-            <!--<exclusions>
-                <exclusion>
-                    <groupId>com.google.code.findbugs</groupId>
-                    <artifactId>jsr305</artifactId>
-                </exclusion>
-            </exclusions>-->
+        </dependency>
+        <dependency>
+            <groupId>org.qubership.atp</groupId>
+            <artifactId>atp-integration-spring-boot-starter</artifactId>
         </dependency>
         <dependency>
             <groupId>org.qubership.automation</groupId>
diff --git a/parent/parent-dependencies/pom.xml b/parent/parent-dependencies/pom.xml
index cebe582..b7a8f0b 100644
--- a/parent/parent-dependencies/pom.xml
+++ b/parent/parent-dependencies/pom.xml
@@ -15,13 +15,14 @@
         <spring.cloud.version>2021.0.8</spring.cloud.version>
         <keycloak.version>22.0.1</keycloak.version>
         <camel.version>2.20.4</camel.version>
-        <activemq.version>5.12.2</activemq.version>
+        <activemq.version>5.16.8</activemq.version>
         <aspectj.version>1.8.10</aspectj.version>
 
         <atp.itf.core.version>4.4.114</atp.itf.core.version>
         <atp.itf.diameter.lib.version>2.2.7</atp.itf.diameter.lib.version>
         <atp.auth.version>1.2.75</atp.auth.version>
         <atp.common.version>0.0.47</atp.common.version>
+        <atp.integration.version>0.2.42</atp.integration.version>
         <atp.multitenancy.version>0.0.13</atp.multitenancy.version>
         <atp.ei.lib.version>0.2.46</atp.ei.lib.version>
         <atp.crypt.version>0.0.24</atp.crypt.version>
@@ -31,7 +32,7 @@
         <org.ow2.asm.asm.version>5.2</org.ow2.asm.asm.version>
         <log4j.log4j.version>1.2.17</log4j.log4j.version>
         <org.bouncycastle.bcp.version>1.69</org.bouncycastle.bcp.version>
-        <io.netty.netty.version>4.1.44.Final</io.netty.netty.version>
+        <io.netty.version>4.1.125.Final</io.netty.version>
         <com.squareup.okhttp3.okhttp.version>4.9.3</com.squareup.okhttp3.okhttp.version>
         <org.jboss.logging.jboss-logging.version>3.4.3.Final</org.jboss.logging.jboss-logging.version>
         <org.jboss.xnio.version>3.8.14.Final</org.jboss.xnio.version>
@@ -91,8 +92,21 @@
                         <groupId>org.apache.tomcat.embed</groupId>
                         <artifactId>tomcat-embed-websocket</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>org.apache.tomcat.embed</groupId>
+                        <artifactId>tomcat-embed-el</artifactId>
+                    </exclusion>
+                    <exclusion>
+                        <groupId>org.qubership.atp</groupId>
+                        <artifactId>atp-integration-spring-boot-starter</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
+            <dependency>
+                <groupId>org.qubership.atp</groupId>
+                <artifactId>atp-integration-spring-boot-starter</artifactId>
+                <version>${atp.integration.version}</version>
+            </dependency>
             <!--Spring Configuration - Start-->
 
             <!-- org.springframework.kafka configuration - start -->
@@ -232,10 +246,30 @@
                     </exclusion>
                 </exclusions>
             </dependency>
+            <dependency>
+                <groupId>io.projectreactor.netty</groupId>
+                <artifactId>reactor-netty</artifactId>
+                <version>1.0.39</version>
+            </dependency>
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty-all</artifactId>
+                <version>${io.netty.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.netty</groupId>
                 <artifactId>netty-handler</artifactId>
-                <version>4.1.118.Final</version>
+                <version>${io.netty.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty-codec-http</artifactId>
+                <version>${io.netty.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.netty</groupId>
+                <artifactId>netty-codec-http2</artifactId>
+                <version>${io.netty.version}</version>
             </dependency>
             <dependency>
                 <groupId>com.datastax.cassandra</groupId>
@@ -371,16 +405,6 @@
                 <artifactId>lombok</artifactId>
                 <version>1.14.8</version>
             </dependency>
-            <dependency>
-                <groupId>io.netty</groupId>
-                <artifactId>netty-all</artifactId>
-                <version>${io.netty.netty.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>io.projectreactor.netty</groupId>
-                <artifactId>reactor-netty</artifactId>
-                <version>0.9.8.RELEASE</version>
-            </dependency>
             <!-- Commented, because became absent suddenly
             <dependency>
                 <groupId>oracle</groupId>
@@ -484,7 +508,7 @@
             <dependency>
                 <groupId>com.google.guava</groupId>
                 <artifactId>guava</artifactId>
-                <version>32.0.0-jre</version>
+                <version>32.0.1-jre</version>
             </dependency>
             <dependency>
                 <groupId>ch.qos.logback</groupId>
@@ -569,7 +593,7 @@
             <dependency>
                 <groupId>org.apache.commons</groupId>
                 <artifactId>commons-compress</artifactId>
-                <version>1.9</version>
+                <version>1.21</version>
             </dependency>
             <dependency>
                 <groupId>commons-io</groupId>
@@ -739,7 +763,7 @@
             <dependency>
                 <groupId>org.apache.activemq</groupId>
                 <artifactId>activemq-broker</artifactId>
-                <version>5.15.16</version>
+                <version>${activemq.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.activemq</groupId>
@@ -751,10 +775,15 @@
                 <artifactId>activemq-client</artifactId>
                 <version>${activemq.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.activemq</groupId>
+                <artifactId>activemq-openwire-legacy</artifactId>
+                <version>${activemq.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.apache.activemq</groupId>
                 <artifactId>activemq-jms-pool</artifactId>
-                <version>5.15.14</version>
+                <version>${activemq.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.apache.activemq</groupId>
@@ -851,7 +880,7 @@
             <dependency>
                 <groupId>com.nimbusds</groupId>
                 <artifactId>nimbus-jose-jwt</artifactId>
-                <version>8.20.1</version>
+                <version>9.37.2</version>
                 <exclusions>
                     <exclusion>
                         <groupId>net.minidev</groupId>
@@ -1005,11 +1034,6 @@
                 <artifactId>bcprov-jdk15on</artifactId>
                 <version>${org.bouncycastle.bcp.version}</version>
             </dependency>
-            <!--<dependency>
-                <groupId>io.netty</groupId>
-                <artifactId>netty</artifactId>
-                <version>${io.netty.netty.version}</version>
-            </dependency>-->
             <dependency>
                 <groupId>com.squareup.okhttp3</groupId>
                 <artifactId>okhttp</artifactId>
@@ -1202,6 +1226,11 @@
                 <artifactId>spring-kafka</artifactId>
                 <version>2.9.11</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.commons</groupId>
+                <artifactId>commons-lang3</artifactId>
+                <version>3.18.0</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 </project>

From fea207e8fed97900c8d8006b813610a41b7071b9 Mon Sep 17 00:00:00 2001
From: kagw95 <aleksandr.kapustin.qubership@gmail.com>
Date: Thu, 12 Feb 2026 10:56:34 +0400
Subject: [PATCH 3/3] fix: Dependencies management is improved for SMPP and SQL
 modules.

---
 .../mockingbird-transport-smpp/pom.xml                      | 6 +++---
 .../mockingbird-transport-sql/pom.xml                       | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/mockingbird-transports-camel/mockingbird-transport-smpp/pom.xml b/mockingbird-transports-camel/mockingbird-transport-smpp/pom.xml
index b2f552f..4967f11 100644
--- a/mockingbird-transports-camel/mockingbird-transport-smpp/pom.xml
+++ b/mockingbird-transports-camel/mockingbird-transport-smpp/pom.xml
@@ -35,8 +35,8 @@
                         </goals>
                         <configuration>
                             <outputDirectory>${project.build.directory}/lib/${project.build.finalName}</outputDirectory>
-                            <!-- <excludeTransitive>true</excludeTransitive> org.jboss,io.netty, -->
-                            <excludeGroupIds>
+                            <excludeTransitive>true</excludeTransitive>
+                            <!-- <excludeGroupIds>
                                 org.springframework,org.apache.sshd,org.apache.httpcomponents,io.github.openfeign,io.zipkin.brave,io.zipkin.zipkin2,io.zipkin.reporter2,org.keycloak,io.undertow,
                                 com.netflix.archaius,org.aspectj,com.squareup.okhttp3,com.squareup.okio,jakarta.annotation,org.glassfish,
                                 jakarta.validation,io.reactivex,com.nimbusds,com.netflix.hystrix,org.qubership.atp.auth,
@@ -52,7 +52,7 @@
                                 error_prone_annotations,javax.annotation-api,antlr,dom4j,oss-parent,qubership-atp-common-logging,
                                 javax.persistence-api,clover-maven-plugin,
                                 jackson-annotations
-                            </excludeArtifactIds>
+                            </excludeArtifactIds> -->
                             <!--if you have NoClassFoundException for this transport then  include needed dependency here-->
                             <includeScope>runtime</includeScope>
                         </configuration>
diff --git a/mockingbird-transports-camel/mockingbird-transport-sql/pom.xml b/mockingbird-transports-camel/mockingbird-transport-sql/pom.xml
index 71c22ea..a04855f 100644
--- a/mockingbird-transports-camel/mockingbird-transport-sql/pom.xml
+++ b/mockingbird-transports-camel/mockingbird-transport-sql/pom.xml
@@ -30,8 +30,8 @@
                         </goals>
                         <configuration>
                             <outputDirectory>${project.build.directory}/lib/${project.build.finalName}</outputDirectory>
-                            <!-- <excludeTransitive>true</excludeTransitive> -->
-                            <excludeGroupIds>
+                            <excludeTransitive>true</excludeTransitive>
+                            <!-- <excludeGroupIds>
                                 org.springframework,org.apache.sshd,org.apache.httpcomponents,io.github.openfeign,
                                 io.zipkin.brave,io.zipkin.zipkin2,io.zipkin.reporter2,org.keycloak,io.undertow,org.jboss,io.netty,
                                 com.netflix.archaius,org.aspectj,com.squareup.okhttp3,com.squareup.okio,jakarta.annotation,org.glassfish,
@@ -53,7 +53,7 @@
                                 error_prone_annotations,javax.annotation-api,antlr,dom4j,oss-parent,qubership-atp-common-logging,
                                 javax.persistence-api,clover-maven-plugin,atp-integration-spring-boot-starter,validation-api,atp-crypt,
                                 accessors-smart,classmate,aopalliance,cglib,commons-collections,commons-math,configuration-dataset-excel,jsr311-api
-                            </excludeArtifactIds>
+                            </excludeArtifactIds> -->
                             <!--if you have NoClassFoundException for this transport then include required dependency here-->
                             <includeScope>runtime</includeScope>
                         </configuration>