updated dependencies + added commons-text to fix deprecation of lang3.StringEscapeUtils.

Author: mbien

app/pom.xml

@@ -40,23 +40,23 @@ limitations under the License.
         <jstl.version>1.2</jstl.version>
         <angular.version>1.7.8</angular.version>
         <ant.version>1.10.8</ant.version>
-        <asm.version>8.0.1</asm.version>
-        <commons-validator.version>1.6</commons-validator.version>
+        <asm.version>9.0-beta</asm.version>
+        <commons-validator.version>1.7</commons-validator.version>
         <commons-beanutils.version>1.9.4</commons-beanutils.version>
         <commons-httpclient.version>3.1</commons-httpclient.version>
-        <commons-codec.version>1.14</commons-codec.version>
+        <commons-codec.version>1.15</commons-codec.version>
         <eclipse-link.version>2.7.7</eclipse-link.version>
         <guice.version>4.2.3</guice.version>
-        <log4j2.version>2.12.1</log4j2.version>
-        <lucene.version>8.6.0</lucene.version>
+        <log4j2.version>2.13.3</log4j2.version>
+        <lucene.version>8.6.2</lucene.version>
         <oauth-core.version>20100527</oauth-core.version>
         <maven-war.version>3.2.3</maven-war.version>
         <maven-surefire.version>2.17</maven-surefire.version>
         <maven-antrun.version>1.0b3</maven-antrun.version>
         <rome.version>1.15.0</rome.version>
         <slf4j.version>1.7.30</slf4j.version>
-        <spring.version>5.2.7.RELEASE</spring.version>
-        <spring.security.version>5.3.3.RELEASE</spring.security.version>
+        <spring.version>5.2.9.RELEASE</spring.version>
+        <spring.security.version>5.4.0</spring.security.version>
         <struts.version>2.5.22</struts.version>
         <velocity.version>2.2</velocity.version>
         <webjars.version>1.5</webjars.version>
@@ -215,6 +215,12 @@ limitations under the License.
             <groupId>org.apache.struts</groupId>
             <artifactId>struts2-core</artifactId>
             <version>${struts.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-api</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
@@ -367,6 +373,12 @@ limitations under the License.
             <artifactId>commons-codec</artifactId>
             <version>${commons-codec.version}</version>
         </dependency>
+        
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
+            <version>1.9</version>
+         </dependency>
 
         <dependency>
             <groupId>xml-security</groupId>

app/src/main/java/org/apache/roller/planet/business/fetcher/RomeFeedFetcher.java

@@ -37,7 +37,7 @@
 import java.util.Calendar;
 import java.util.Date;
 import java.util.List;
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

app/src/main/java/org/apache/roller/weblogger/business/plugins/entry/ObfuscateEmailPlugin.java

@@ -18,7 +18,7 @@
 
 package org.apache.roller.weblogger.business.plugins.entry;
 
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.roller.weblogger.WebloggerException;

app/src/main/java/org/apache/roller/weblogger/business/plugins/entry/SmileysPlugin.java

@@ -22,7 +22,7 @@
 import java.util.Properties;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.roller.weblogger.WebloggerException;

app/src/main/java/org/apache/roller/weblogger/pojos/WeblogEntry.java

@@ -37,7 +37,7 @@
 import java.util.StringTokenizer;
 import java.util.TreeSet;
 
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;

app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/WeblogEntryCommentWrapper.java

@@ -19,7 +19,7 @@
 package org.apache.roller.weblogger.pojos.wrapper;
 
 import java.sql.Timestamp;
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.roller.weblogger.business.URLStrategy;
 import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.weblogger.business.plugins.PluginManager;

app/src/main/java/org/apache/roller/weblogger/pojos/wrapper/WeblogWrapper.java

@@ -18,7 +18,7 @@
 
 package org.apache.roller.weblogger.pojos.wrapper;
 
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.roller.weblogger.WebloggerException;
 import org.apache.roller.weblogger.business.URLStrategy;
 import org.apache.roller.weblogger.pojos.TagStat;

app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsFeedModel.java

@@ -26,7 +26,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeSet;
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.lucene.document.Document;
@@ -240,7 +240,7 @@ public WeblogWrapper getWeblog() {
 	public String getTerm() {
 		String query =feedRequest.getTerm() ;
 		return (query == null) 
-			? "" : StringEscapeUtils.escapeXml(Utilities.escapeHTML(query));
+			? "" : StringEscapeUtils.escapeXml11(Utilities.escapeHTML(query));
 	}
 
 	public int getHits() {

app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/SearchResultsModel.java

@@ -27,7 +27,7 @@
 import java.util.TreeMap;
 import java.util.TreeSet;
 
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.lucene.document.Document;
 import org.apache.lucene.search.ScoreDoc;

app/src/main/java/org/apache/roller/weblogger/ui/rendering/model/UtilitiesModel.java

@@ -24,7 +24,7 @@
 import java.util.TimeZone;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -253,7 +253,7 @@ public String unescapeHTML(String str) {
     }
 
     public String escapeXML(String str) {
-        return StringEscapeUtils.escapeXml(str);
+        return StringEscapeUtils.escapeXml11(str);
     }
 
     public String unescapeXML(String str) {

app/src/main/java/org/apache/roller/weblogger/ui/rendering/util/WeblogEntryCommentForm.java

@@ -18,7 +18,7 @@
 
 package org.apache.roller.weblogger.ui.rendering.util;
 
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.roller.weblogger.pojos.WeblogEntryComment;
 import org.apache.roller.weblogger.pojos.wrapper.WeblogEntryCommentWrapper;
 

app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java

@@ -23,8 +23,8 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang3.StringEscapeUtils;
-import org.apache.commons.lang3.text.WordUtils;
+import org.apache.commons.text.StringEscapeUtils;
+import org.apache.commons.text.WordUtils;
 import org.apache.roller.weblogger.business.Weblogger;
 import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.weblogger.business.WeblogEntryManager;

app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIAction.java

@@ -19,7 +19,7 @@
 package org.apache.roller.weblogger.ui.struts2.util;
 
 import com.opensymphony.xwork2.ActionSupport;
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.roller.weblogger.business.UserManager;
 import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.weblogger.config.WebloggerConfig;

app/src/main/java/org/apache/roller/weblogger/util/Trackback.java

@@ -30,7 +30,7 @@
 import org.apache.commons.httpclient.HttpMethod;
 import org.apache.commons.httpclient.HttpStatus;
 import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

app/src/main/java/org/apache/roller/weblogger/util/Utilities.java

@@ -28,7 +28,7 @@
 import javax.mail.internet.InternetAddress;
 
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

app/src/main/java/org/apache/roller/weblogger/webservices/opensearch/OpenSearchServlet.java

@@ -23,7 +23,7 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang3.StringEscapeUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.roller.weblogger.WebloggerException;
 import org.apache.roller.weblogger.business.URLStrategy;
 import org.apache.roller.weblogger.business.WebloggerFactory;
@@ -79,24 +79,24 @@ public void doGet(
         } catch (WebloggerException ex) {
             throw new ServletException("ERROR: fetching specified weblog");
         }
-        searchPage = StringEscapeUtils.escapeXml(
+        searchPage = StringEscapeUtils.escapeXml11(
                 strat.getWeblogSearchPageURLTemplate(weblog));
-        searchFeed = StringEscapeUtils.escapeXml(
+        searchFeed = StringEscapeUtils.escapeXml11(
                 strat.getWeblogSearchFeedURLTemplate(weblog));
 
         boolean siteWide = WebloggerRuntimeConfig.isSiteWideWeblog(handle);
         if (siteWide) {
-            shortName = "[Search Descriptor] " + StringEscapeUtils.escapeXml(
+            shortName = "[Search Descriptor] " + StringEscapeUtils.escapeXml11(
                     WebloggerRuntimeConfig.getProperty("site.shortName"));
-            description = StringEscapeUtils.escapeXml(
+            description = StringEscapeUtils.escapeXml11(
                     WebloggerRuntimeConfig.getProperty("site.description"));
-            contact = StringEscapeUtils.escapeXml(
+            contact = StringEscapeUtils.escapeXml11(
                     WebloggerRuntimeConfig.getProperty("site.adminemail"));
 
         } else {
-            shortName = StringEscapeUtils.escapeXml(weblog.getName());
-            description = StringEscapeUtils.escapeXml(weblog.getTagline());
-            contact = StringEscapeUtils.escapeXml(weblog.getEmailAddress());
+            shortName = StringEscapeUtils.escapeXml11(weblog.getName());
+            description = StringEscapeUtils.escapeXml11(weblog.getTagline());
+            contact = StringEscapeUtils.escapeXml11(weblog.getEmailAddress());
         }
 
         response.setContentType("application/opensearchdescription+xml");

app/src/main/webapp/WEB-INF/security.xml

@@ -22,7 +22,7 @@
        xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
           http://www.springframework.org/schema/security
-          http://www.springframework.org/schema/security/spring-security-5.3.xsd">
+          http://www.springframework.org/schema/security/spring-security-5.4.xsd">
 
     <http pattern="/images/**" security="none"/>
     <http pattern="/scripts/**" security="none"/>