From dab79fff2744f8737904a4416bf95cdd7d86c13a Mon Sep 17 00:00:00 2001 From: Robin Cher Date: Thu, 25 Jul 2019 14:35:26 +0800 Subject: [PATCH 1/2] Set testing env to use Ubuntu trusty --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 6964c86..d460873 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,6 +3,8 @@ language: java jdk: - oraclejdk8 +dist: trusty + env: - GRADLE_OPTS="-Dfile.encoding=utf-8" From d089ec750aac9778da879c2ae9faa038efdc56bb Mon Sep 17 00:00:00 2001 From: Robin Cher Date: Thu, 25 Jul 2019 14:47:32 +0800 Subject: [PATCH 2/2] Patch for CVE-2019-12814 and update Changelog --- CHANGELOG.md | 81 +++++++++++++++++++++++++++++++++------------------- build.gradle | 4 +-- pom.xml | 4 +-- 3 files changed, 55 insertions(+), 34 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e19f00..c4788b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
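Review bot: The added `dist: trusty` in .travis.yml pins CI to Ubuntu 14.04 without saying why, and 14.04 left standard support in April 2019, so the build image stops receiving regular package updates. Presumably the pin exists because `oraclejdk8` is not offered on newer Travis images; if so, record that next to the key, e.g. `# trusty: required for oraclejdk8; drop once the build moves to openjdk8`. Since this CI run is what validates the security patch that follows, testing on a supported image with `openjdk8` would be the more durable fix.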
@@ -1,33 +1,54 @@ # Change Log -## Added -### V1.0-SNAPSHOT -+ Initial release with HMAC256 and RSA256 signing utility -### V1.0.1-SNAPSHOT -+ Enhancement for Issue #1 - ApiList sorting is not based on key first then value -### V1.1.0-SNAPSHOT -+ Minor refactoring -+ Update interface name so as be intuitive -+ Update corresponding test cases -+ Include Issue/PR templates -+ Include Contribution template -### V1.1.1-SNAPSHOT -+ Minor refactoring -+ Update documentation -+ Update templates -### V1.1.2-SNAPSHOT -+ Minor refactoring -+ Update documentation -### V1.2.0-SNAPSHOT -+ Bug fixes for null value checking -+ Update basestring method to suppport use-case where value of queryparam or form value is empty -+ Update nonce method to generate base64 encoded string value of 32 bytes characters -### V1.3.0-SNAPSHOT -+ Update test-suites framework to cover more use-case scenarios -+ Add Utility to read from PKI Key with PEM format -+ Update README documentation -### V1.3.1-SNAPSHOT -+ Update dependency library for jackson-databind to version 2.9.8 -+ Update mvn command to pull centralised unit-test cases from github repository +### V1.3.3-SNAPSHOT + +- Set TravisCI build dist to Trusty +- Fixed vulnerablity CVE-2019-12814 + ### V1.3.2-SNAPSHOT -+ Update ApiSigning class to support non-standard http port \ No newline at end of file + +- Update ApiSigning class to support non-standard http port + +### V1.3.1-SNAPSHOT + +- Update dependency library for jackson-databind to version 2.9.8 +- Update mvn command to pull centralised unit-test cases from github repository + +### V1.3.0-SNAPSHOT + +- Update test-suites framework to cover more use-case scenarios +- Add Utility to read from PKI Key with PEM format +- Update README documentation + +### V1.2.0-SNAPSHOT + +- Bug fixes for null value checking +- Update basestring method to suppport use-case where value of queryparam or form value is empty +- Update nonce method to generate base64 encoded string value of 32 bytes 
characters + +### V1.1.2-SNAPSHOT + +- Minor refactoring +- Update documentation + +### V1.1.1-SNAPSHOT + +- Minor refactoring +- Update documentation +- Update templates + +### V1.1.0-SNAPSHOT + +- Minor refactoring +- Update interface name so as be intuitive +- Update corresponding test cases +- Include Issue/PR templates +- Include Contribution template + +### V1.0.1-SNAPSHOT + +- Enhancement for Issue #1 - ApiList sorting is not based on key first then value + +### V1.0-SNAPSHOT + +- Initial release with HMAC256 and RSA256 signing utility diff --git a/build.gradle b/build.gradle index f47d4bc..cb5f466 100644 --- a/build.gradle +++ b/build.gradle @@ -4,7 +4,7 @@ plugins { id 'com.github.kt3k.coveralls' version '2.6.3' } -version '1.3.2-SNAPSHOT' +version '1.3.3-SNAPSHOT' tasks.withType(JavaCompile) { options.encoding = "UTF-8" @@ -18,7 +18,7 @@ dependencies { //compile group: 'org.apache.commons', name: 'commons-collections4', version: '4.1' compile group: 'commons-lang', name: 'commons-lang', version: '2.4' compile group: 'org.slf4j', name: 'slf4j-api', version: '1.7.25' - compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.9.8' + compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.9.9.1' compile group: 'com.googlecode.json-simple', name: 'json-simple', version: '1.1.1' compile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.60' testCompile group: 'org.slf4j', name: 'slf4j-log4j12', version: '1.7.25' diff --git a/pom.xml b/pom.xml index 6cabfec..87a4470 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 com.api.util ApiSecurity - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT @@ -90,7 +90,7 @@ com.fasterxml.jackson.core jackson-databind - 2.9.9 + 2.9.9.1 com.googlecode.json-simple
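Review bot: The jackson-databind pin in build.gradle moves from 2.9.8 to 2.9.9.1 while pom.xml moves from 2.9.9 to 2.9.9.1, so the two build files had already drifted and nothing in this change stops that recurring. A comment on the dependency line would record why the floor exists, e.g. `// >= 2.9.9.1 for CVE-2019-12814; keep in sync with pom.xml`. This CVE belongs to the polymorphic-typing gadget class, which upstream handles by blocklisting individual classes, so the bump closes this one entry only; it is worth confirming (not visible in this diff) that the library never enables default typing on an ObjectMapper that reads untrusted JSON. The dependencies block starts and ends outside the hunk.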