From 09d4b439162f7e470a357e0f5e3000b38f1fafe9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pere=20Fern=C3=A1ndez?= <pefernan@users.noreply.github.com>
Date: Mon, 30 Oct 2023 11:23:40 +0100
Subject: [PATCH] CVE-2023-42503: Apache Commons Compress denial of service
 vulnerability. More info: https://nvd.nist.gov/vuln/detail/CVE-2023-42503

---
 kogito-build/kogito-dependencies-bom/pom.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/kogito-build/kogito-dependencies-bom/pom.xml b/kogito-build/kogito-dependencies-bom/pom.xml
index f7621249f60..30a5a41a4b8 100644
--- a/kogito-build/kogito-dependencies-bom/pom.xml
+++ b/kogito-build/kogito-dependencies-bom/pom.xml
@@ -124,6 +124,7 @@
     <version.com.github.stephenc.jcip>1.0-1</version.com.github.stephenc.jcip>
     <version.black.ninia>4.1.1</version.black.ninia>
     <version.com.google.guava>32.0.1-jre</version.com.google.guava>
+    <version.apache.commons.commons-compress>1.24.0</version.apache.commons.commons-compress>
   </properties>
 
   <dependencyManagement>
@@ -134,6 +135,12 @@
         <artifactId>guava</artifactId>
         <version>${version.com.google.guava}</version>
       </dependency>
+      <!-- CVE-2023-42503: Apache Commons Compress denial of service vulnerability. More info: https://nvd.nist.gov/vuln/detail/CVE-2023-42503 -->
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-compress</artifactId>
+        <version>${version.apache.commons.commons-compress}</version>
+      </dependency>
       <dependency>
         <groupId>org.slf4j</groupId>
         <artifactId>slf4j-api</artifactId>