Update OAuth2 OIDC SDK

gradle/verification-metadata.xml

@@ -946,9 +946,11 @@
             <sha256 value="fbfd0d5f2b2f86758b821daa5e79b5d7c965edd9dc1b2cc80b515df1c6ddc22d" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="com.nimbusds" name="nimbus-jose-jwt" version="9.23">
-         <artifact name="nimbus-jose-jwt-9.23.jar">
-            <sha256 value="33ab8084fdae1d75be1b061b1489d4a12045bd7b50c2e24ff152911e4551ec07" origin="Generated by Gradle"/>
+      <component group="com.nimbusds" name="nimbus-jose-jwt" version="9.37.3">
+         <artifact name="nimbus-jose-jwt-9.37.3.jar">
+            <sha256 value="12ae4a3a260095d7aeba2adea7ae396e8b9570db8b7b409e09a824c219cc0444" origin="Generated by Gradle">
+               <also-trust value="afc63b689d881439b95f343b1dca750391edac63b87392be4d90d19c94ccafbe"/>
+            </sha256>
          </artifact>
       </component>
       <component group="com.nimbusds" name="nimbus-jose-jwt" version="9.37.3">
@@ -961,6 +963,11 @@
             <sha256 value="7664cf8c6f2adadf600287812b32878277beda54912eab9d4c2932cd50cb704a" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="com.nimbusds" name="oauth2-oidc-sdk" version="11.10.1">
+         <artifact name="oauth2-oidc-sdk-11.10.1.jar">
+            <sha256 value="9e51b2c17503cdd3eb97f41491c712aff7783bb3c67185d789f44ccf2a603b26" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="com.nimbusds" name="oauth2-oidc-sdk" version="11.9.1">
          <artifact name="oauth2-oidc-sdk-11.9.1.jar">
             <sha256 value="0820c9690966304d075347b88e81ae490213440fc4d2c84f3d370d41941b2b9c" origin="Generated by Gradle"/>
@@ -1739,6 +1746,11 @@
             <sha256 value="64072f56d9dff5040b2acec477c5d5e6bcebfc88c508f12acb26072d07942146" origin="Generated by Gradle"/>
          </artifact>
       </component>
+      <component group="net.minidev" name="json-smart" version="2.5.1">
+         <artifact name="json-smart-2.5.1.jar">
+            <sha256 value="86c0c189581b79b57b0719f443a724e9f628ffbb9eef645cf79194f5973a1001" origin="Generated by Gradle"/>
+         </artifact>
+      </component>
       <component group="net.minidev" name="json-smart" version="2.5.0">
          <artifact name="json-smart-2.5.0.jar">
             <sha256 value="432b9e545848c4141b80717b26e367f83bf33f19250a228ce75da6e967da2bc7" origin="Generated by Gradle"/>

x-pack/plugin/security/build.gradle

@@ -79,12 +79,19 @@ dependencies {
   runtimeOnly "joda-time:joda-time:2.10.10"
 
   // Dependencies for oidc
-  api "com.nimbusds:oauth2-oidc-sdk:9.37"
-  api "com.nimbusds:nimbus-jose-jwt:9.23"
+  api "com.nimbusds:oauth2-oidc-sdk:11.10.1"
+  api project(path: xpackModule('security:lib:nimbus-jose-jwt-modified'), configuration: 'shadow')
+  if (isEclipse) {
+    /*
+     * Eclipse can't pick up the shadow dependency so we point it at the unmodified version of the library
+     * so it can compile things.
+     */
+    api "com.nimbusds:nimbus-jose-jwt:9.37.3"
+  }
   api "com.nimbusds:lang-tag:1.4.4"
   api "com.sun.mail:jakarta.mail:1.6.3"
   api "net.jcip:jcip-annotations:1.0"
-  api "net.minidev:json-smart:2.4.10"
+  api "net.minidev:json-smart:2.5.1"
   api "net.minidev:accessors-smart:2.4.2"
   api "org.ow2.asm:asm:8.0.1"
 
@@ -103,7 +110,6 @@ dependencies {
   testImplementation('org.apache.kerby:kerb-crypto:1.1.1')
   testImplementation('org.apache.kerby:kerb-util:1.1.1')
   testImplementation('org.apache.kerby:token-provider:1.1.1')
-  testImplementation('com.nimbusds:nimbus-jose-jwt:9.23')
   testImplementation('net.jcip:jcip-annotations:1.0')
   testImplementation('org.apache.kerby:kerb-admin:1.1.1')
   testImplementation('org.apache.kerby:kerb-server:1.1.1')
@@ -225,6 +231,9 @@ tasks.named("thirdPartyAudit").configure {
     'javax.servlet.http.HttpSession',
     'javax.servlet.http.HttpUpgradeHandler',
     'javax.servlet.http.Part',
+    'jakarta.servlet.ServletRequest',
+    'jakarta.servlet.http.HttpServletRequest',
+    'jakarta.servlet.http.HttpServletResponse',
     // [missing classes] Shibboleth + OpenSAML have velocity support that we don't use
     'org.apache.velocity.VelocityContext',
     'org.apache.velocity.app.VelocityEngine',
@@ -274,112 +283,103 @@ tasks.named("thirdPartyAudit").configure {
     // [missing classes] Http Client cache has optional ehcache support
     'net.sf.ehcache.Ehcache',
     'net.sf.ehcache.Element',
-        // Bouncycastle is an optional dependency for apache directory, cryptacular and opensaml packages. We
-        // acknowledge them here instead of adding bouncy castle as a compileOnly dependency
-        'org.bouncycastle.asn1.ASN1Encodable',
-        'org.bouncycastle.asn1.ASN1InputStream',
-        'org.bouncycastle.asn1.ASN1Integer',
-        'org.bouncycastle.asn1.ASN1ObjectIdentifier',
-        'org.bouncycastle.asn1.ASN1OctetString',
-        'org.bouncycastle.asn1.ASN1Primitive',
-        'org.bouncycastle.asn1.ASN1Sequence',
-        'org.bouncycastle.asn1.ASN1TaggedObject',
-        // 'org.bouncycastle.asn1.DEROctetString',
-        'org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo',
-        'org.bouncycastle.asn1.pkcs.EncryptionScheme',
-        'org.bouncycastle.asn1.pkcs.KeyDerivationFunc',
-        'org.bouncycastle.asn1.pkcs.PBEParameter',
-        'org.bouncycastle.asn1.pkcs.PBES2Parameters',
-        'org.bouncycastle.asn1.pkcs.PBKDF2Params',
-        'org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers',
-        'org.bouncycastle.asn1.pkcs.PrivateKeyInfo',
-        'org.bouncycastle.asn1.x500.AttributeTypeAndValue',
-        'org.bouncycastle.asn1.x500.RDN',
-        'org.bouncycastle.asn1.x500.X500Name',
-        'org.bouncycastle.asn1.x509.AccessDescription',
-        'org.bouncycastle.asn1.x509.AlgorithmIdentifier',
-        'org.bouncycastle.asn1.x509.AuthorityKeyIdentifier',
-        'org.bouncycastle.asn1.x509.BasicConstraints',
-        'org.bouncycastle.asn1.x509.DistributionPoint',
-        'org.bouncycastle.asn1.x509.Extension',
-        'org.bouncycastle.asn1.x509.GeneralName',
-        'org.bouncycastle.asn1.x509.GeneralNames',
-        'org.bouncycastle.asn1.x509.GeneralNamesBuilder',
-        'org.bouncycastle.asn1.x509.KeyPurposeId',
-        'org.bouncycastle.asn1.x509.KeyUsage',
-        'org.bouncycastle.asn1.x509.PolicyInformation',
-        'org.bouncycastle.asn1.x509.SubjectKeyIdentifier',
-        'org.bouncycastle.asn1.x509.SubjectPublicKeyInfo',
-        // 'org.bouncycastle.asn1.x9.DomainParameters',
-        // 'org.bouncycastle.asn1.x9.ECNamedCurveTable',
-        'org.bouncycastle.asn1.x9.X9ECParameters',
-        'org.bouncycastle.cert.X509v3CertificateBuilder',
-        'org.bouncycastle.cert.jcajce.JcaX509CertificateConverter',
-        'org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils',
-        'org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder',
-        'org.bouncycastle.crypto.BlockCipher',
-        'org.bouncycastle.crypto.BufferedBlockCipher',
-        'org.bouncycastle.crypto.CipherParameters',
-        'org.bouncycastle.crypto.Digest',
-        'org.bouncycastle.crypto.PBEParametersGenerator',
-        'org.bouncycastle.crypto.StreamCipher',
-        'org.bouncycastle.crypto.agreement.kdf.ConcatenationKDFGenerator',
-        // 'org.bouncycastle.crypto.ec.CustomNamedCurves',
-        'org.bouncycastle.crypto.engines.AESEngine',
-        'org.bouncycastle.crypto.generators.BCrypt',
-        'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator',
-        'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator',
-        'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator',
-        'org.bouncycastle.crypto.macs.HMac',
-        'org.bouncycastle.crypto.modes.AEADBlockCipher',
-        'org.bouncycastle.crypto.modes.GCMBlockCipher',
-        'org.bouncycastle.crypto.paddings.BlockCipherPadding',
-        'org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher',
-        'org.bouncycastle.crypto.params.AsymmetricKeyParameter',
-        'org.bouncycastle.crypto.params.DSAKeyParameters',
-        'org.bouncycastle.crypto.params.DSAParameters',
-        'org.bouncycastle.crypto.params.DSAPrivateKeyParameters',
-        'org.bouncycastle.crypto.params.DSAPublicKeyParameters',
-        'org.bouncycastle.crypto.params.ECDomainParameters',
-        'org.bouncycastle.crypto.params.ECKeyParameters',
-        'org.bouncycastle.crypto.params.ECPrivateKeyParameters',
-        'org.bouncycastle.crypto.params.ECPublicKeyParameters',
-        // 'org.bouncycastle.crypto.params.KDFParameters',
-        'org.bouncycastle.crypto.params.KeyParameter',
-        'org.bouncycastle.crypto.params.RSAKeyParameters',
-        'org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters',
-        'org.bouncycastle.crypto.prng.EntropySource',
-        'org.bouncycastle.crypto.prng.SP800SecureRandom',
-        'org.bouncycastle.crypto.prng.SP800SecureRandomBuilder',
-        'org.bouncycastle.crypto.prng.drbg.SP80090DRBG',
-        'org.bouncycastle.crypto.signers.DSASigner',
-        'org.bouncycastle.crypto.signers.ECDSASigner',
-        'org.bouncycastle.crypto.signers.RSADigestSigner',
-        'org.bouncycastle.crypto.util.PrivateKeyFactory',
-        'org.bouncycastle.crypto.util.PrivateKeyInfoFactory',
-        'org.bouncycastle.crypto.util.PublicKeyFactory',
-        'org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory',
-        'org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi',
-        'org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi$EC',
-        'org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyPairGeneratorSpi',
-        'org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util',
-        'org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil',
-        // 'org.bouncycastle.jce.ECNamedCurveTable',
-        // 'org.bouncycastle.jce.spec.ECNamedCurveParameterSpec',
-        'org.bouncycastle.math.ec.ECFieldElement',
-        'org.bouncycastle.math.ec.ECPoint',
-        'org.bouncycastle.openssl.jcajce.JcaPEMWriter',
-        'org.bouncycastle.operator.jcajce.JcaContentSignerBuilder',
-        'org.bouncycastle.util.Arrays',
-        'org.bouncycastle.util.io.Streams',
-        'org.bouncycastle.cert.jcajce.JcaX509CertificateHolder',
-        'org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider',
-        'org.bouncycastle.cert.X509CertificateHolder',
-        'org.bouncycastle.openssl.PEMKeyPair',
-        'org.bouncycastle.openssl.PEMParser',
-        'org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter',
-        'org.bouncycastle.crypto.InvalidCipherTextException',
-        'org.bouncycastle.jce.provider.BouncyCastleProvider',
+    // Bouncycastle is an optional dependency for apache directory, cryptacular and opensaml packages. We
+    // acknowledge them here instead of adding bouncy castle as a compileOnly dependency
+    'org.bouncycastle.asn1.ASN1Encodable',
+    'org.bouncycastle.asn1.ASN1InputStream',
+    'org.bouncycastle.asn1.ASN1Integer',
+    'org.bouncycastle.asn1.ASN1ObjectIdentifier',
+    'org.bouncycastle.asn1.ASN1OctetString',
+    'org.bouncycastle.asn1.ASN1Primitive',
+    'org.bouncycastle.asn1.ASN1Sequence',
+    'org.bouncycastle.asn1.ASN1TaggedObject',
+    // 'org.bouncycastle.asn1.DEROctetString',
+    'org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo',
+    'org.bouncycastle.asn1.pkcs.EncryptionScheme',
+    'org.bouncycastle.asn1.pkcs.KeyDerivationFunc',
+    'org.bouncycastle.asn1.pkcs.PBEParameter',
+    'org.bouncycastle.asn1.pkcs.PBES2Parameters',
+    'org.bouncycastle.asn1.pkcs.PBKDF2Params',
+    'org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers',
+    'org.bouncycastle.asn1.pkcs.PrivateKeyInfo',
+    'org.bouncycastle.asn1.x500.AttributeTypeAndValue',
+    'org.bouncycastle.asn1.x500.RDN',
+    'org.bouncycastle.asn1.x500.X500Name',
+    'org.bouncycastle.asn1.x509.AccessDescription',
+    'org.bouncycastle.asn1.x509.AlgorithmIdentifier',
+    'org.bouncycastle.asn1.x509.AuthorityKeyIdentifier',
+    'org.bouncycastle.asn1.x509.BasicConstraints',
+    'org.bouncycastle.asn1.x509.DistributionPoint',
+    'org.bouncycastle.asn1.x509.Extension',
+    'org.bouncycastle.asn1.x509.GeneralName',
+    'org.bouncycastle.asn1.x509.GeneralNames',
+    'org.bouncycastle.asn1.x509.GeneralNamesBuilder',
+    'org.bouncycastle.asn1.x509.KeyPurposeId',
+    'org.bouncycastle.asn1.x509.KeyUsage',
+    'org.bouncycastle.asn1.x509.PolicyInformation',
+    'org.bouncycastle.asn1.x509.SubjectKeyIdentifier',
+    'org.bouncycastle.asn1.x509.SubjectPublicKeyInfo',
+    // 'org.bouncycastle.asn1.x9.DomainParameters',
+    // 'org.bouncycastle.asn1.x9.ECNamedCurveTable',
+    'org.bouncycastle.asn1.x9.X9ECParameters',
+    'org.bouncycastle.cert.X509v3CertificateBuilder',
+    'org.bouncycastle.cert.jcajce.JcaX509CertificateConverter',
+    'org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils',
+    'org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder',
+    'org.bouncycastle.crypto.BlockCipher',
+    'org.bouncycastle.crypto.BufferedBlockCipher',
+    'org.bouncycastle.crypto.CipherParameters',
+    'org.bouncycastle.crypto.Digest',
+    'org.bouncycastle.crypto.PBEParametersGenerator',
+    'org.bouncycastle.crypto.StreamCipher',
+    'org.bouncycastle.crypto.agreement.kdf.ConcatenationKDFGenerator',
+    // 'org.bouncycastle.crypto.ec.CustomNamedCurves',
+    'org.bouncycastle.crypto.generators.BCrypt',
+    'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator',
+    'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator',
+    'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator',
+    'org.bouncycastle.crypto.macs.HMac',
+    'org.bouncycastle.crypto.modes.AEADBlockCipher',
+    'org.bouncycastle.crypto.paddings.BlockCipherPadding',
+    'org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher',
+    'org.bouncycastle.crypto.params.AsymmetricKeyParameter',
+    'org.bouncycastle.crypto.params.DSAKeyParameters',
+    'org.bouncycastle.crypto.params.DSAParameters',
+    'org.bouncycastle.crypto.params.DSAPrivateKeyParameters',
+    'org.bouncycastle.crypto.params.DSAPublicKeyParameters',
+    'org.bouncycastle.crypto.params.ECDomainParameters',
+    'org.bouncycastle.crypto.params.ECKeyParameters',
+    'org.bouncycastle.crypto.params.ECPrivateKeyParameters',
+    'org.bouncycastle.crypto.params.ECPublicKeyParameters',
+    // 'org.bouncycastle.crypto.params.KDFParameters',
+    'org.bouncycastle.crypto.params.KeyParameter',
+    'org.bouncycastle.crypto.params.RSAKeyParameters',
+    'org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters',
+    'org.bouncycastle.crypto.prng.EntropySource',
+    'org.bouncycastle.crypto.prng.SP800SecureRandom',
+    'org.bouncycastle.crypto.prng.SP800SecureRandomBuilder',
+    'org.bouncycastle.crypto.prng.drbg.SP80090DRBG',
+    'org.bouncycastle.crypto.signers.DSASigner',
+    'org.bouncycastle.crypto.signers.ECDSASigner',
+    'org.bouncycastle.crypto.signers.RSADigestSigner',
+    'org.bouncycastle.crypto.util.PrivateKeyFactory',
+    'org.bouncycastle.crypto.util.PrivateKeyInfoFactory',
+    'org.bouncycastle.crypto.util.PublicKeyFactory',
+    'org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory',
+    'org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi',
+    'org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi$EC',
+    'org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyPairGeneratorSpi',
+    'org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util',
+    'org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil',
+    // 'org.bouncycastle.jce.ECNamedCurveTable',
+    // 'org.bouncycastle.jce.spec.ECNamedCurveParameterSpec',
+    'org.bouncycastle.math.ec.ECFieldElement',
+    'org.bouncycastle.math.ec.ECPoint',
+    'org.bouncycastle.openssl.jcajce.JcaPEMWriter',
+    'org.bouncycastle.operator.jcajce.JcaContentSignerBuilder',
+    'org.bouncycastle.util.Arrays',
+    'org.bouncycastle.util.io.Streams',
+    'org.bouncycastle.cert.X509CertificateHolder',
   )
 
   ignoreViolations(
@@ -402,26 +402,21 @@ tasks.named("thirdPartyAudit").configure {
 
 tasks.named("thirdPartyAudit").configure {
   ignoreMissingClasses(
-          'javax.xml.bind.JAXBContext',
-          'javax.xml.bind.JAXBElement',
-          'javax.xml.bind.JAXBException',
-          'javax.xml.bind.Unmarshaller',
-          'javax.xml.bind.UnmarshallerHandler',
-          // Optional dependency of oauth2-oidc-sdk that we don't need since we do not support AES-SIV for JWE
-          'org.cryptomator.siv.SivMode',
-          // Optional dependency of nimbus-jose-jwt for handling Ed25519 signatures and ECDH with X25519 (RFC 8037)
-          'com.google.crypto.tink.subtle.Ed25519Sign',
-          'com.google.crypto.tink.subtle.Ed25519Sign$KeyPair',
-          'com.google.crypto.tink.subtle.Ed25519Verify',
-          'com.google.crypto.tink.subtle.X25519',
-          'com.google.crypto.tink.subtle.XChaCha20Poly1305',
-          'com.nimbusds.common.contenttype.ContentType',
-          'javax.activation.ActivationDataFlavor',
-          'javax.activation.DataContentHandler',
-          'javax.activation.DataHandler',
-          'javax.activation.DataSource',
-          'javax.activation.FileDataSource',
-          'javax.activation.FileTypeMap'
+    'javax.xml.bind.JAXBContext',
+    'javax.xml.bind.JAXBElement',
+    'javax.xml.bind.JAXBException',
+    'javax.xml.bind.Unmarshaller',
+    'javax.xml.bind.UnmarshallerHandler',
+    // Optional dependency of oauth2-oidc-sdk that we don't need since we do not support AES-SIV for JWE
+    'org.cryptomator.siv.SivMode',
+    'com.nimbusds.common.contenttype.ContentType',
+    'com.nimbusds.common.contenttype.ContentType$Parameter',
+    'javax.activation.ActivationDataFlavor',
+    'javax.activation.DataContentHandler',
+    'javax.activation.DataHandler',
+    'javax.activation.DataSource',
+    'javax.activation.FileDataSource',
+    'javax.activation.FileTypeMap'
   )
 }
 

x-pack/plugin/security/lib/build.gradle

@@ -0,0 +1,13 @@
+// This build deserves an explanation. Nimbus-jose-jwt uses gson internally, which is unfriendly
+// to our usage of the security manager, to a degree that it makes the library extremely difficult
+// to work with safely. The purpose of this build is to create a version of nimbus-jose-jwt with
+// a couple classes replaced with wrappers which work with the security manager, the source files
+// in this directory.
+
+// Because we want to include the original class files so that we can reference them without
+// modification, there are a couple intermediate steps:
+// nimbus-jose-jwt-modified-part1: Create a version of the JAR in which the relevant class files are moved to a different package.
+//      This is not immediately usable as this process rewrites the rest of the JAR to "correctly" reference the new classes. So, we need to...
+// nimbus-jose-jwt-modified-part2: Create a JAR from the result of part 1 which contains *only* the relevant class files by removing everything else.
+// nimbus-jose-jwt-modified: Use the result of part 2 here, combined with the original library, so that we can use our
+//      replacement classes which wrap the original class files.

x-pack/plugin/security/lib/nimbus-jose-jwt-modified-part1/build.gradle

@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+apply plugin: 'elasticsearch.build'
+apply plugin: 'com.github.johnrengelman.shadow'
+
+// See the build.gradle file in the parent directory for an explanation of this unusual build
+
+dependencies {
+  implementation "com.nimbusds:nimbus-jose-jwt:9.37.3"
+}
+
+tasks.named('shadowJar').configure {
+  // Attempting to exclude all of the classes we *don't* move here ought to be possible per the
+  // shadowJar docs, but actually attempting to do so results in an empty JAR. May be a bug in the shadowJar plugin.
+  relocate 'com.nimbusds.jose.util.JSONObjectUtils', 'org.elasticsearch.nimbus.jose.util.JSONObjectUtils'
+  relocate 'com.nimbusds.jose.util.JSONStringUtils', 'org.elasticsearch.nimbus.jose.util.JSONStringUtils'
+}
+
+['jarHell', 'thirdPartyAudit', 'forbiddenApisMain', 'splitPackagesAudit', 'licenseHeaders'].each {
+  tasks.named(it).configure {
+    enabled = false
+  }
+}
+