From 14d38b19fe6670beb41f5efd671a33c583befd0b Mon Sep 17 00:00:00 2001
From: tawoe <tawoe@posteo.de>
Date: Thu, 26 Feb 2026 16:29:38 +0100
Subject: [PATCH 1/2] bind http4s to port 8080

---
 obp-api/src/main/scala/bootstrap/http4s/Http4sServer.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/obp-api/src/main/scala/bootstrap/http4s/Http4sServer.scala b/obp-api/src/main/scala/bootstrap/http4s/Http4sServer.scala
index 6c2c72cbc9..f25351b96c 100644
--- a/obp-api/src/main/scala/bootstrap/http4s/Http4sServer.scala
+++ b/obp-api/src/main/scala/bootstrap/http4s/Http4sServer.scala
@@ -12,7 +12,7 @@ object Http4sServer extends IOApp {
   // new bootstrap.http4s.Http4sBoot().boot
   new bootstrap.liftweb.Boot().boot
 
-  val port = APIUtil.getPropsAsIntValue("http4s.port",8086)
+  val port = APIUtil.getPropsAsIntValue("http4s.port",8080)
   // Default changed from 127.0.0.1 to 0.0.0.0 so the server binds to all network interfaces.
   // It is still configurable via the http4s.host property.
   val host = APIUtil.getPropsValue("http4s.host","0.0.0.0")

From 1c860a84204016149d53a1e0443a97e0a20bc69a Mon Sep 17 00:00:00 2001
From: hongwei <hongwei@tesobe.com>
Date: Thu, 26 Feb 2026 19:26:30 +0100
Subject: [PATCH 2/2] security: Fix critical CVEs and update security
 dependencies

- Remove insecure HTTP repository from obp-commons (MITM vector)
- Update BouncyCastle to 1.78.1 (fixes CVE-2023-33201, CVE-2024-29857)
- Update MySQL Connector to 8.0.33 (fixes CVE-2023-21971, CVE-2023-21980)
- Update slf4j libraries to 2.0.16 (5+ years of security patches)
- Update Apache HttpClient to 4.5.14 (latest security patches)
- Centralize Guava version management (32.0.0-jre)
- Update Maven plugins (resources: 3.3.1, site: 4.0.0-M13)
- Remove obsolete commented code blocks

All changes verified with successful compilation and dependency resolution.
---
 obp-api/pom.xml     | 117 +++++++-------------------------------------
 obp-commons/pom.xml |  10 ----
 pom.xml             |  10 +++-
 3 files changed, 25 insertions(+), 112 deletions(-)

diff --git a/obp-api/pom.xml b/obp-api/pom.xml
index f84632ca0d..9a458a62a0 100644
--- a/obp-api/pom.xml
+++ b/obp-api/pom.xml
@@ -14,34 +14,12 @@
   <packaging>jar</packaging>
   <name>Open Bank Project API</name>
 
-  <pluginRepositories>
-    <pluginRepository>
-      <id>org.sonatype.oss.groups.public</id>
-    <name>Sonatype Public</name>
-      <url>https://oss.sonatype.org/content/groups/public</url>
-    </pluginRepository>
-  </pluginRepositories>
-
   <dependencies>
     <dependency>
       <groupId>com.tesobe</groupId>
       <artifactId>obp-commons</artifactId>
     </dependency>
-    <!--embed akka adapter start - COMMENTED OUT FOR PEKKO MIGRATION-->
-    <!-- TODO: Find or create Pekko equivalent for adapter-akka-commons
-    <dependency>
-      <groupId>com.github.OpenBankProject.OBP-Adapter-Akka-SpringBoot</groupId>
-      <artifactId>adapter-akka-commons</artifactId>
-      <version>v1.1.0</version>
-      <exclusions>
-        <exclusion>
-          <groupId>*</groupId>
-          <artifactId>*</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    -->
-    <!--embed akka adapter end-->
+
     <dependency>
       <groupId>com.github.everit-org.json-schema</groupId>
       <artifactId>org.everit.json.schema</artifactId>
@@ -64,17 +42,17 @@
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>log4j-over-slf4j</artifactId>
-      <version>1.7.26</version>
+      <version>2.0.16</version>
     </dependency>
     <dependency>
       <artifactId>slf4j-ext</artifactId>
       <groupId>org.slf4j</groupId>
-      <version>1.7.26</version>
+      <version>2.0.16</version>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpg-jdk15on</artifactId>
-      <version>1.70</version>
+      <artifactId>bcpg-jdk18on</artifactId>
+      <version>1.78.1</version>
     </dependency>
     <dependency>
       <groupId>org.http4s</groupId>
@@ -88,8 +66,8 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk15on</artifactId>
-      <version>1.70</version>
+      <artifactId>bcpkix-jdk18on</artifactId>
+      <version>1.78.1</version>
     </dependency>
     <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
     <dependency>
@@ -120,18 +98,14 @@
       <version>2.2.220</version>
       <scope>runtime</scope>
     </dependency>
-    <!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
+    <!-- https://mvnrepository.com/artifact/com.mysql/mysql-connector-j -->
+    <!-- Updated from mysql:mysql-connector-java (deprecated) to com.mysql:mysql-connector-j -->
     <dependency>
-      <groupId>mysql</groupId>
-      <artifactId>mysql-connector-java</artifactId>
-      <version>8.0.30</version>
+      <groupId>com.mysql</groupId>
+      <artifactId>mysql-connector-j</artifactId>
+      <version>8.0.33</version>
     </dependency>
-    <!--    <dependency>
-          <groupId>com.microsoft.sqlserver</groupId>
-          <artifactId>mssql-jdbc</artifactId>
-          <version>6.2.0.jre8</version>
-          <scope>test</scope>
-        </dependency>-->
+
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
@@ -151,7 +125,7 @@
     <dependency>
       <groupId>org.apache.httpcomponents</groupId>
       <artifactId>httpclient</artifactId>
-      <version>4.5.13</version>
+      <version>4.5.14</version>
     </dependency>
     <dependency>
       <groupId>org.apache.commons</groupId>
@@ -164,17 +138,7 @@
       <artifactId>amqp_3.1_${scala.version}</artifactId>
       <version>1.5.0</version>
     </dependency>
-<!--    <dependency>-->
-<!--      <groupId>com.tokbox</groupId>-->
-<!--      <artifactId>opentok-server-sdk</artifactId>-->
-<!--      <version>3.0.0-beta.2</version>-->
-<!--      <exclusions>-->
-<!--        <exclusion>-->
-<!--          <groupId>com.fasterxml.jackson.core</groupId>-->
-<!--          <artifactId>jackson-databind</artifactId>-->
-<!--        </exclusion>-->
-<!--      </exclusions>-->
-<!--    </dependency>-->
+
     <dependency>
       <groupId>org.elasticsearch</groupId>
       <artifactId>elasticsearch</artifactId>
@@ -440,13 +404,7 @@
       <version>3.2.7-RELEASE</version>
     </dependency>
 
-    <!-- util convert Future to js Promise
-    <dependency>
-      <groupId>org.scala-js</groupId>
-      <artifactId>scalajs-library_${scala.version}</artifactId>
-      <version>1.9.0</version>
-    </dependency>
-    -->
+
     <dependency>
       <groupId>org.graalvm.js</groupId>
       <artifactId>js</artifactId>
@@ -650,7 +608,6 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-resources-plugin</artifactId>
-          <version>3.0.1</version>
           <executions>
             <execution>
               <id>default-copy-resources</id>
@@ -737,47 +694,7 @@
           </execution>
         </executions>
       </plugin>
-      <!--soap related plugin begin-->
-<!--      <plugin>-->
-<!--        <groupId>org.scalaxb</groupId>-->
-<!--        <artifactId>scalaxb-maven-plugin</artifactId>-->
-<!--        <version>1.7.5</version>-->
-<!--        <configuration>-->
-<!--          <packageName>code.adapter.soap</packageName>-->
-<!--          <wsdlDirectory>src/main/resources/custom_webapp/wsdl</wsdlDirectory>-->
-<!--          <xsdDirectory>src/main/resources/custom_webapp/xsd</xsdDirectory>-->
-<!--        </configuration>-->
-<!--        <executions>-->
-<!--          <execution>-->
-<!--            <id>scalaxb</id>-->
-<!--            <goals>-->
-<!--              <goal>generate</goal>-->
-<!--            </goals>-->
-<!--          </execution>-->
-<!--        </executions>-->
-<!--      </plugin>-->
-      <!--grpc related plugin begin-->
-      <!-- currently not need, enable this plugin when need generate new grpc code.
-      <plugin>
-       <groupId>net.catte</groupId>
-       <artifactId>scalapb-maven-plugin</artifactId>
-       <version>1.2</version>
-       <configuration>
-         <javaOutput>false</javaOutput>
-         <inputDirectory>${basedir}/src/main/protobuf</inputDirectory>
-         <outputDirectory>${basedir}/src/main/scala</outputDirectory>
-         <grpc>true</grpc>
-       </configuration>
-       <executions>
-         <execution>
-           <goals>
-             <goal>compile</goal>
-           </goals>
-           <phase>generate-sources</phase>
-         </execution>
-       </executions>
-     </plugin>-->
-     <!--grpc related plugin end-->
+
     </plugins>
   </build>
   <reporting>
diff --git a/obp-commons/pom.xml b/obp-commons/pom.xml
index bf6bf16d27..a229fcf2ae 100644
--- a/obp-commons/pom.xml
+++ b/obp-commons/pom.xml
@@ -13,14 +13,6 @@
     <packaging>jar</packaging>
     <name>Open Bank Project Commons</name>
 
-    <repositories>
-        <repository>
-            <id>artima</id>
-            <name>Artima Maven Repository</name>
-            <url>http://repo.artima.com/releases</url>
-        </repository>
-    </repositories>
-
     <dependencies>
         <dependency>
             <groupId>net.liftweb</groupId>
@@ -83,7 +75,6 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>32.0.0-jre</version>
         </dependency>
     </dependencies>
 
@@ -170,7 +161,6 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-resources-plugin</artifactId>
-                <version>3.0.1</version>
                 <executions>
                     <execution>
                         <id>default-copy-resources</id>
diff --git a/pom.xml b/pom.xml
index 768b4f9054..449eb63d37 100644
--- a/pom.xml
+++ b/pom.xml
@@ -101,6 +101,12 @@
         <artifactId>commons-text</artifactId>
         <version>1.12.0</version>
       </dependency>
+      <!-- https://mvnrepository.com/artifact/com.google.guava/guava -->
+      <dependency>
+        <groupId>com.google.guava</groupId>
+        <artifactId>guava</artifactId>
+        <version>32.0.0-jre</version>
+      </dependency>
       <dependency>
         <groupId>org.scalatest</groupId>
         <artifactId>scalatest_${scala.version}</artifactId>
@@ -186,7 +192,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-resources-plugin</artifactId>
-          <version>3.0.1</version>
+          <version>3.3.1</version>
           <executions>
             <execution>
               <id>default-copy-resources</id>
@@ -236,7 +242,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-site-plugin</artifactId>
-        <version>3.7.1</version>
+        <version>4.0.0-M13</version>
       </plugin>
 
       </plugins>