From b2c91dd5f323f58f4b2560eb226de2604962d91c Mon Sep 17 00:00:00 2001
From: Valery Kharseko <vharseko@3a-systems.ru>
Date: Tue, 25 Jun 2024 13:02:23 +0300
Subject: [PATCH] CVE-2023-22899 CVE-2018-1002202 CVE-2022-24615 Bump
 net.lingala.zip4j 2.11.5 (#43)

---
 .../openidm/maintenance/upgrade/UpdateManager.java          | 2 +-
 .../openidm/maintenance/upgrade/UpdateManagerImpl.java      | 6 +++---
 pom.xml                                                     | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/openidm-maintenance/src/main/java/org/forgerock/openidm/maintenance/upgrade/UpdateManager.java b/openidm-maintenance/src/main/java/org/forgerock/openidm/maintenance/upgrade/UpdateManager.java
index ea968be05d..abc8a3da74 100644
--- a/openidm-maintenance/src/main/java/org/forgerock/openidm/maintenance/upgrade/UpdateManager.java
+++ b/openidm-maintenance/src/main/java/org/forgerock/openidm/maintenance/upgrade/UpdateManager.java
@@ -96,7 +96,7 @@ public interface UpdateManager {
      * Get the contents of an archive file as a string
      * @param archive
      * @param file
-     * @return
+     * @return JsonValue
      * @throws UpdateException
      */
     JsonValue getArchiveFile(Path archive, Path file) throws UpdateException;
diff --git a/openidm-maintenance/src/main/java/org/forgerock/openidm/maintenance/upgrade/UpdateManagerImpl.java b/openidm-maintenance/src/main/java/org/forgerock/openidm/maintenance/upgrade/UpdateManagerImpl.java
index 456ebee430..aad9764c97 100644
--- a/openidm-maintenance/src/main/java/org/forgerock/openidm/maintenance/upgrade/UpdateManagerImpl.java
+++ b/openidm-maintenance/src/main/java/org/forgerock/openidm/maintenance/upgrade/UpdateManagerImpl.java
@@ -56,7 +56,7 @@
 
 import difflib.DiffUtils;
 import difflib.Patch;
-import net.lingala.zip4j.core.ZipFile;
+import net.lingala.zip4j.ZipFile;
 import net.lingala.zip4j.exception.ZipException;
 import org.apache.commons.io.FileUtils;
 import org.forgerock.commons.launcher.OSGiFrameworkService;
@@ -805,7 +805,7 @@ public JsonValue getLicense(Path archiveFile) throws UpdateException {
             } catch (IOException e) {
                 throw new UpdateException("Unable to load license file.", e);
             }
-        } catch (IOException | ZipException e) {
+        } catch (IOException e) {
             return json(object());
         }
     }
@@ -1429,7 +1429,7 @@ Path extractFileToDirectory(File zipFile, Path fileToExtract) throws UpdateExcep
             Path tmpDir = Files.createTempDirectory(UUID.randomUUID().toString());
             zip.extractFile(fileToExtract.toString(), tmpDir.toString());
             return tmpDir.resolve(fileToExtract).getParent();
-        } catch (IOException | ZipException e) {
+        } catch (IOException  e) {
             throw new UpdateException("Unable to load " + fileToExtract + ".", e);
         }
     }
diff --git a/pom.xml b/pom.xml
index 04489fc323..27be42ab24 100644
--- a/pom.xml
+++ b/pom.xml
@@ -640,7 +640,7 @@
             <dependency>
                 <groupId>net.lingala.zip4j</groupId>
                 <artifactId>zip4j</artifactId>
-                <version>1.3.2</version>
+                <version>2.11.5</version>
             </dependency>
 
             <dependency>