dependency updates and spotbugs fixes

build/spotbugs-exclude.xml

@@ -21,7 +21,10 @@
 
 <FindBugsFilter>
     <Match>
-        <Bug pattern="SE_NO_SERIALVERSIONID,RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE,SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING"/>
+        <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/>
+    </Match>
+    <Match>
+        <Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING"/>
     </Match>
     <Match>
         <!-- due to bug https://github.com/spotbugs/spotbugs/issues/493 in spotbugs 3.1.3 -->

data-service/pom.xml

@@ -46,7 +46,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-war-plugin</artifactId>
-                <version>3.2.2</version>
+                <version>3.2.3</version>
                 <configuration>
                     <archiveClasses>true</archiveClasses>
                     <packagingExcludes>WEB-INF/classes</packagingExcludes>
@@ -130,7 +130,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.9</version>
+            <version>3.10</version>
         </dependency>
         <dependency>
             <groupId>com.sun.mail</groupId>
@@ -140,7 +140,7 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.5.11</version>
+            <version>4.5.12</version>
         </dependency>
         <dependency>
             <groupId>log4j</groupId>

onejar/pom.xml

@@ -16,7 +16,7 @@
     <name>PWM Password Self Service: Executable Server JAR</name>
 
     <properties>
-        <tomcat.version>9.0.31</tomcat.version>
+        <tomcat.version>9.0.34</tomcat.version>
     </properties>
 
     <build>

pom.xml

@@ -120,7 +120,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.1.1</version>
+                <version>3.2.0</version>
                 <executions>
                     <execution>
                         <goals>
@@ -224,7 +224,7 @@
                     <dependency>
                         <groupId>com.puppycrawl.tools</groupId>
                         <artifactId>checkstyle</artifactId>
-                        <version>8.30</version>
+                        <version>8.31</version>
                     </dependency>
                 </dependencies>
                 <executions>
@@ -303,12 +303,12 @@
             <plugin>
                 <groupId>com.github.spotbugs</groupId>
                 <artifactId>spotbugs-maven-plugin</artifactId>
-                <version>3.1.12.2</version>
+                <version>4.0.0</version>
                 <dependencies>
                     <dependency>
                         <groupId>com.github.spotbugs</groupId>
                         <artifactId>spotbugs</artifactId>
-                        <version>4.0.0</version>
+                        <version>4.0.1</version>
                     </dependency>
                 </dependencies>
                 <configuration>
@@ -350,7 +350,7 @@
             <plugin> <!-- checks owsp vulnerability database -->
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>5.3.0</version>
+                <version>5.3.2</version>
                 <executions>
                     <execution>
                         <goals>
@@ -373,7 +373,7 @@
         <dependency>
             <groupId>com.github.spotbugs</groupId>
             <artifactId>spotbugs-annotations</artifactId>
-            <version>4.0.0</version>
+            <version>4.0.1</version>
             <scope>provided</scope>
         </dependency>
 
@@ -387,7 +387,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>3.3.0</version>
+            <version>3.3.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -399,7 +399,7 @@
         <dependency>
             <groupId>com.github.tomakehurst</groupId>
             <artifactId>wiremock</artifactId>
-            <version>2.26.1</version>
+            <version>2.26.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>

pwm-cr/pom.xml

@@ -41,7 +41,7 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcpkix-jdk15on</artifactId>
-            <version>1.64</version>
+            <version>1.65</version>
         </dependency>
     </dependencies>
 

server/pom.xml

@@ -202,7 +202,7 @@
         <dependency>
             <groupId>org.apache.directory.api</groupId>
             <artifactId>api-all</artifactId>
-            <version>2.0.0</version>
+            <version>2.0.1</version>
         </dependency>
         <dependency>
             <groupId>commons-net</groupId>
@@ -227,7 +227,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.9</version>
+            <version>3.10</version>
         </dependency>
         <dependency>
             <groupId>commons-validator</groupId>
@@ -242,7 +242,7 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.5.11</version>
+            <version>4.5.12</version>
         </dependency>
         <dependency>
             <groupId>org.graylog2</groupId>
@@ -267,12 +267,12 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.64</version>
+            <version>1.65</version>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcpkix-jdk15on</artifactId>
-            <version>1.64</version>
+            <version>1.65</version>
         </dependency>
         <dependency>
             <groupId>jaxen</groupId>
@@ -302,7 +302,7 @@
         <dependency>
             <groupId>com.blueconic</groupId>
             <artifactId>browscap-java</artifactId>
-            <version>1.2.14</version>
+            <version>1.2.16</version>
         </dependency>
         <dependency>
             <groupId>org.jetbrains.xodus</groupId>

server/src/main/java/password/pwm/bean/UserIdentity.java

@@ -40,6 +40,8 @@ import java.util.StringTokenizer;
 
 public class UserIdentity implements Serializable, Comparable
 {
+    private static final long serialVersionUID = 1L;
+
     private static final String CRYPO_HEADER = "ui_C-";
     private static final String DELIM_SEPARATOR = "|";
 

server/src/main/java/password/pwm/config/profile/PwmPasswordPolicy.java

@@ -54,6 +54,7 @@ import java.util.regex.Pattern;
  */
 public class PwmPasswordPolicy implements Profile, Serializable
 {
+    private static final long serialVersionUID = 1L;
 
     private static final PwmLogger LOGGER = PwmLogger.forClass( PwmPasswordPolicy.class );
 

server/src/main/java/password/pwm/config/value/NamedSecretValue.java

@@ -52,6 +52,7 @@ import java.util.Optional;
 
 public class NamedSecretValue implements StoredValue
 {
+    private static final long serialVersionUID = 1L;
 
     private final transient LazySupplier<String> valueHashSupplier = new LazySupplier<>( () -> AbstractValue.valueHashComputer( NamedSecretValue.this ) );
 

server/src/main/java/password/pwm/config/value/PasswordValue.java

@@ -45,6 +45,8 @@ import java.util.Optional;
 
 public class PasswordValue implements StoredValue
 {
+    private static final long serialVersionUID = 1L;
+
     private final transient LazySupplier<String> valueHashSupplier = new LazySupplier<>( () -> AbstractValue.valueHashComputer( PasswordValue.this ) );
 
     private final PasswordData value;

server/src/main/java/password/pwm/http/ContextManager.java

@@ -77,6 +77,8 @@ import java.util.concurrent.atomic.AtomicInteger;
 
 public class ContextManager implements Serializable
 {
+    private static final long serialVersionUID = 1L;
+
     private static final PwmLogger LOGGER = PwmLogger.forClass( ContextManager.class );
     private static final SessionLabel SESSION_LABEL = SessionLabel.CONTEXT_SESSION_LABEL;
 

server/src/main/java/password/pwm/http/PwmSession.java

@@ -58,6 +58,8 @@ import java.util.Map;
  */
 public class PwmSession implements Serializable
 {
+    private static final long serialVersionUID = 1L;
+
     private static final PwmLogger LOGGER = PwmLogger.forClass( PwmSession.class );
 
     private final transient PwmApplication pwmApplication;

server/src/main/java/password/pwm/http/bean/ConfigManagerBean.java

@@ -30,6 +30,8 @@ import java.util.Set;
 @Data
 public class ConfigManagerBean extends PwmSessionBean
 {
+    private static final long serialVersionUID = 1L;
+
     private transient StoredConfiguration storedConfiguration;
     private boolean passwordVerified;
     private boolean configUnlockedWarningShown;

server/src/main/java/password/pwm/http/bean/ForgottenPasswordBean.java

@@ -49,6 +49,8 @@ import java.util.Set;
 @EqualsAndHashCode( callSuper = false )
 public class ForgottenPasswordBean extends PwmSessionBean
 {
+    private static final long serialVersionUID = 1L;
+
     @SerializedName( "pr" )
     private String profile;
 
@@ -82,6 +84,8 @@ public class ForgottenPasswordBean extends PwmSessionBean
     @Data
     public static class Progress implements Serializable
     {
+        private static final long serialVersionUID = 1L;
+
         @SerializedName( "s" )
         private boolean tokenSent;
 

server/src/main/java/password/pwm/http/servlet/admin/UserDebugDataBean.java

@@ -36,6 +36,8 @@ import java.util.Map;
 @Builder
 public class UserDebugDataBean implements Serializable
 {
+    private static final long serialVersionUID = 1L;
+
     private transient UserInfo userInfo;
 
     private final PublicUserInfoBean publicUserInfoBean;

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskVerificationStateBean.java

@@ -49,6 +49,8 @@ import java.util.TreeMap;
 
 class HelpdeskVerificationStateBean implements Serializable
 {
+    private static final long serialVersionUID = 1L;
+
     private static final PwmLogger LOGGER = PwmLogger.forClass( HelpdeskVerificationStateBean.class );
     public static final String PARAMETER_VERIFICATION_STATE_KEY = "verificationState";
 

server/src/main/java/password/pwm/ldap/search/SearchConfiguration.java

@@ -39,6 +39,8 @@ import java.util.Map;
 @Builder( toBuilder = true )
 public class SearchConfiguration implements Serializable
 {
+    private static final long serialVersionUID = 1L;
+
     private String filter;
     private String ldapProfile;
     private String username;

server/src/main/java/password/pwm/svc/wordlist/WordlistConfiguration.java

@@ -47,6 +47,8 @@ import java.util.function.Supplier;
 @Builder( toBuilder = true )
 public class WordlistConfiguration implements Serializable
 {
+    private static final long serialVersionUID = 1L;
+
     static final int STREAM_BUFFER_SIZE = 1_1024_1024;
     static final PwmHashAlgorithm HASH_ALGORITHM = PwmHashAlgorithm.SHA256;
 

server/src/main/java/password/pwm/util/LDAPPermissionCalculator.java

@@ -57,6 +57,8 @@ import java.util.TreeMap;
 
 public class LDAPPermissionCalculator implements Serializable
 {
+    private static final long serialVersionUID = 1L;
+
     private static final PwmLogger LOGGER = PwmLogger.forClass( LDAPPermissionCalculator.class );
 
     private final transient StoredConfiguration storedConfiguration;

server/src/main/java/password/pwm/util/PasswordData.java

@@ -43,6 +43,8 @@ import java.util.Arrays;
  */
 public class PasswordData implements Serializable
 {
+    private static final long serialVersionUID = 1L;
+
     private static final PwmLogger LOGGER = PwmLogger.forClass( PasswordData.class );
 
     private final byte[] passwordData;

server/src/main/java/password/pwm/ws/server/RestAuthentication.java

@@ -32,6 +32,8 @@ import java.util.Set;
 @Value
 public class RestAuthentication implements Serializable
 {
+    private static final long serialVersionUID = 1L;
+
     private RestAuthenticationType type;
     private String namedSecretName;
     private UserIdentity ldapIdentity;

webapp/pom.xml

@@ -91,7 +91,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-war-plugin</artifactId>
-                <version>3.2.2</version>
+                <version>3.2.3</version>
                 <configuration>
                     <archiveClasses>false</archiveClasses>
                     <packagingExcludes>**/*.jsp</packagingExcludes>
@@ -182,7 +182,7 @@
                 <!-- builds xml file of dependencies and licenses for use in about page -->
                 <groupId>com.github.jinnovations</groupId>
                 <artifactId>attribution-maven-plugin</artifactId>
-                <version>0.9.7</version>
+                <version>0.9.8</version>
                 <executions>
                     <execution>
                         <goals>