diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000000..e0f15db2eb
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+ "java.configuration.updateBuildConfiguration": "automatic"
+}
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000000..197a015e39
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,6 @@
+From python:3.10.12-slim
+
+RUN apt-get update
+RUN apt-get install libkrb5support0 -y
+
+RUN ["sleep", "1"]
diff --git a/log4shell-goof/log4shell-server/pom.xml b/log4shell-goof/log4shell-server/pom.xml
index 94de0952b2..a14f9f85e7 100644
--- a/log4shell-goof/log4shell-server/pom.xml
+++ b/log4shell-goof/log4shell-server/pom.xml
@@ -4,18 +4,40 @@
io.snyk
log4shell-server
- 0.0.1-SNAPSHOT
+ 0.0.2-SNAPSHOT
jar
+
+
+ privatedeps
+ snapshots
+ http://52.207.113.17:8081/nexus/content/repositories/snapshots
+
+
+ privatedeps
+ http://52.207.113.17:8081/nexus/content/repositories/releases
+
+
+
Java Goof :: Log4Shell Goof :: Log4Shell Server
https://snyk.io
-
UTF-8
8
8
-
+
+
+ privatedeps
+ Aspose Java API
+ http://52.207.113.17:8081/nexus/content/repositories/releases
+
+
+ 2
+ All apart from Aspose
+ http://52.207.113.17:8081/nexus/content/repositories/snapshots
+
+
org.apache.logging.log4j
@@ -27,10 +49,15 @@
unboundid-ldapsdk
3.1.1
+
+ io.snyk
+ log4shell-server
+ 0.0.1-SNAPSHOT
+
io.undertow
undertow-core
- 2.2.13.Final
+ 2.3.14.Final
commons-collections
@@ -81,4 +108,5 @@
+
diff --git a/log4shell-goof/pom.xml b/log4shell-goof/pom.xml
index 6eb158372a..0eab7ea53e 100644
--- a/log4shell-goof/pom.xml
+++ b/log4shell-goof/pom.xml
@@ -19,4 +19,19 @@
log4shell-server
log4shell-client
+
+
+
+ my-snapshots
+ My internal repository
+ http://52.207.113.17/:8081/nexus/content/repositories/snapshots
+
+
+
+ my-releases
+ My internal repository
+ http://52.207.113.17/:8081/nexus/content/repositories/releases
+
+
+
diff --git a/pom.xml b/pom.xml
index 7a67b8cd71..4d36fba19d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -13,6 +13,8 @@
todolist-goof
log4shell-goof
+
+
pom
diff --git a/todolist-goof/exploits/zip-slip.py b/todolist-goof/exploits/zip-slip.py
index 404a1c483e..59c677ce00 100755
--- a/todolist-goof/exploits/zip-slip.py
+++ b/todolist-goof/exploits/zip-slip.py
@@ -11,3 +11,6 @@
files = {'upload': ('zip-slip.zip', open(malicious_zip, 'rb'), 'application/zip')}
requests.post(url, files=files)
+requests.post(url, files=files)
+requests.post(url, files=files)
+requests.post(url, files=files)
diff --git a/todolist-goof/todolist-core/pom.xml b/todolist-goof/todolist-core/pom.xml
index aeb2068be5..4dbf70e652 100644
--- a/todolist-goof/todolist-core/pom.xml
+++ b/todolist-goof/todolist-core/pom.xml
@@ -9,7 +9,19 @@
todolist-core
jar
-
+
+
+ privatedeps
+ snapshots
+ http://52.207.113.17:8081/nexus/content/repositories/snapshots
+
+
+
+ privatedeps
+ http://52.207.113.17:8081/nexus/content/repositories/releases
+
+
+
Java Goof :: Todolist Goof :: Todolist Core
@@ -26,12 +38,16 @@
spring-orm
${spring.version}
-
-
- org.springframework
- spring-aspects
- ${spring.version}
-
+
+ io.snyk
+ log4shell-server
+ 0.2.3
+
+
+ org.springframework
+ spring-aspects
+ ${spring.version}
+
diff --git a/todolist-goof/todolist-web-common/src/main/java/io/github/benas/todolist/web/common/tags/PriorityIconTag.java b/todolist-goof/todolist-web-common/src/main/java/io/github/benas/todolist/web/common/tags/PriorityIconTag.java
index b922f316e1..ec62e5ac77 100644
--- a/todolist-goof/todolist-web-common/src/main/java/io/github/benas/todolist/web/common/tags/PriorityIconTag.java
+++ b/todolist-goof/todolist-web-common/src/main/java/io/github/benas/todolist/web/common/tags/PriorityIconTag.java
@@ -23,6 +23,7 @@
*/
package io.github.benas.todolist.web.common.tags;
+package io.github.benas.todolist.web.common.tags2;
import io.github.benas.todolist.web.common.util.TodoListUtils;
import io.github.todolist.core.domain.Priority;