Merge branch 'release/1.2.3'

Author: LEDfan

pom.xml

@@ -5,15 +5,15 @@
 
     <groupId>eu.openanalytics</groupId>
     <artifactId>containerproxy</artifactId>
-    <version>1.2.2</version>
+    <version>1.2.3</version>
     <name>ContainerProxy</name>
     <packaging>jar</packaging>
     <inceptionYear>2016</inceptionYear>
 
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.4.11</version>
+        <version>3.4.13</version>
         <relativePath/>
     </parent>
 
@@ -23,7 +23,7 @@
         <maven.compiler.source>21</maven.compiler.source>
         <maven.compiler.target>21</maven.compiler.target>
         <!-- Dependency versions -->
-        <spring-boot.version>3.4.11</spring-boot.version>
+        <spring-boot.version>3.4.13</spring-boot.version>
         <aws-java-sdk.version>2.31.21</aws-java-sdk.version>
         <commons-collections4.version>4.4</commons-collections4.version>
         <commons-io.version>2.19.0</commons-io.version>
@@ -430,6 +430,28 @@
             <groupId>jakarta.mail</groupId>
             <artifactId>jakarta.mail-api</artifactId>
         </dependency>
+
+        <!-- Transitive dependencies updated for security -->
+        <dependency>
+            <groupId>io.undertow</groupId>
+            <artifactId>undertow-core</artifactId>
+            <version>2.3.21.Final</version>
+        </dependency>
+        <dependency>
+            <groupId>io.undertow</groupId>
+            <artifactId>undertow-servlet</artifactId>
+            <version>2.3.21.Final</version>
+        </dependency>
+        <dependency>
+            <groupId>io.undertow</groupId>
+            <artifactId>undertow-websockets-jsr</artifactId>
+            <version>2.3.21.Final</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-api</artifactId>
+            <version>2.25.3</version>
+        </dependency>
     </dependencies>
 
     <dependencyManagement>

src/main/java/eu/openanalytics/containerproxy/ContainerFailedToStartException.java

@@ -1,7 +1,7 @@
 /*
  * ContainerProxy
  *
- * Copyright (C) 2016-2025 Open Analytics
+ * Copyright (C) 2016-2026 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/ContainerProxyApplication.java

@@ -1,7 +1,7 @@
 /*
  * ContainerProxy
  *
- * Copyright (C) 2016-2025 Open Analytics
+ * Copyright (C) 2016-2026 Open Analytics
  *
  * ===========================================================================
  *
@@ -30,6 +30,7 @@
 import eu.openanalytics.containerproxy.util.LoggingConfigurer;
 import eu.openanalytics.containerproxy.util.ProxyMappingManager;
 import io.undertow.Handlers;
+import io.undertow.UndertowOptions;
 import io.undertow.server.handlers.SameSiteCookieHandler;
 import io.undertow.servlet.api.ServletSessionConfig;
 import io.undertow.servlet.api.SessionManagerFactory;
@@ -338,6 +339,12 @@ public UndertowServletWebServerFactory servletContainer() {
             throw new IllegalArgumentException("Invalid bind address specified", e);
         }
         factory.setPort(Integer.parseInt(environment.getProperty("proxy.port", "8080")));
+        factory.addBuilderCustomizers(builder -> {
+            // allow uploads of unlimited size
+            builder.setServerOption(UndertowOptions.MAX_ENTITY_SIZE, -1L);
+            // limit parsing of multipart requests to 2MB (see #36099), multipart requests are not used in ShinyProxy
+            builder.setServerOption(UndertowOptions.MULTIPART_MAX_ENTITY_SIZE, 2097152L);
+        });
         return factory;
     }
 

src/main/java/eu/openanalytics/containerproxy/ContainerProxyException.java

@@ -1,7 +1,7 @@
 /*
  * ContainerProxy
  *
- * Copyright (C) 2016-2025 Open Analytics
+ * Copyright (C) 2016-2026 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/MemoryStoreConfiguration.java

@@ -1,7 +1,7 @@
 /*
  * ContainerProxy
  *
- * Copyright (C) 2016-2025 Open Analytics
+ * Copyright (C) 2016-2026 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/ProxyFailedToStartException.java

@@ -1,7 +1,7 @@
 /*
  * ContainerProxy
  *
- * Copyright (C) 2016-2025 Open Analytics
+ * Copyright (C) 2016-2026 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/ProxyStartValidationException.java

@@ -1,7 +1,7 @@
 /*
  * ContainerProxy
  *
- * Copyright (C) 2016-2025 Open Analytics
+ * Copyright (C) 2016-2026 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/RedisSessionConfig.java

@@ -1,7 +1,7 @@
 /*
  * ContainerProxy
  *
- * Copyright (C) 2016-2025 Open Analytics
+ * Copyright (C) 2016-2026 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/RedisStoreConfiguration.java

@@ -1,7 +1,7 @@
 /*
  * ContainerProxy
  *
- * Copyright (C) 2016-2025 Open Analytics
+ * Copyright (C) 2016-2026 Open Analytics
  *
  * ===========================================================================
  *

src/main/java/eu/openanalytics/containerproxy/api/ApiSecurityService.java

@@ -1,7 +1,7 @@
 /*
  * ContainerProxy
  *
- * Copyright (C) 2016-2025 Open Analytics
+ * Copyright (C) 2016-2026 Open Analytics
  *
  * ===========================================================================
  *