From 09fec8150fde3366761e01ef0dc5340ca5c45baf Mon Sep 17 00:00:00 2001
From: Viktor Kolomeyko
Date: Mon, 9 Oct 2023 11:57:25 +0100
Subject: [PATCH 1/3] CORE-17117: Update version of `commons-compress` to address CVE-2023-42503, part 2

Ensure that even the plugins will be using most up-to-date version. Also update `avroGradlePluginVersion`.
---
 build.gradle | 7 +++++++
 gradle.properties | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index 1009ed2b26..a72af3b2b7 100644
--- a/build.gradle
+++ b/build.gradle
@@ -17,6 +17,13 @@ buildscript {
 because "required until dokka plugin updates it's internal version of jsoup, not fixed as of dokka 1.7.10"
 }
 }
+
+ classpath "org.apache.avro:avro:$avroVersion"
+ constraints {
+ classpath("org.apache.commons:commons-compress:$commonsCompressVersion") {
+ because "CVE-2023-42503, current version of Avro uses an outdated version"
+ }
+ }
 }
 }
 
diff --git a/gradle.properties b/gradle.properties
index 69c1c3463c..f70b8d8fd6 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -40,7 +40,7 @@ snakeyamlVersion=2.0
 slf4jVersion = 1.7.36
 
 # Main implementation dependencies
-avroGradlePluginVersion=1.3.0
+avroGradlePluginVersion=1.8.0
 avroVersion = 1.11.3
 commonsCompressVersion = 1.24.0
 bouncycastleVersion = 1.73
From ef1962b1083eb0136cadc80d0afb43f91f44a2fe Mon Sep 17 00:00:00 2001
From: Viktor Kolomeyko
Date: Mon, 9 Oct 2023 12:58:17 +0100
Subject: [PATCH 2/3] CORE-17117: Force resolution of Commons Compress

---
 build.gradle | 7 -------
 data/avro-schema/build.gradle | 7 +++++++
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/build.gradle b/build.gradle
index a72af3b2b7..1009ed2b26 100644
--- a/build.gradle
+++ b/build.gradle
@@ -17,13 +17,6 @@ buildscript {
 because "required until dokka plugin updates it's internal version of jsoup, not fixed as of dokka 1.7.10"
 }
 }
-
- classpath "org.apache.avro:avro:$avroVersion"
- constraints {
- classpath("org.apache.commons:commons-compress:$commonsCompressVersion") {
- because "CVE-2023-42503, current version of Avro uses an outdated version"
- }
- }
 }
 }
 
diff --git a/data/avro-schema/build.gradle b/data/avro-schema/build.gradle
index 96f1e3dded..5708c8e9c0 100644
--- a/data/avro-schema/build.gradle
+++ b/data/avro-schema/build.gradle
@@ -27,6 +27,13 @@ dependencies {
 compileOnly 'org.osgi:osgi.annotation'
 }
 
+configurations.all {
+ resolutionStrategy {
+ // CVE-2023-42503, current version of Avro uses an outdated version
+ force "org.apache.commons:commons-compress:$commonsCompressVersion"
+ }
+}
+
 description 'Data Model Definitions'
 
 def generatedAvroDir = layout.buildDirectory.dir('generated-avro')
From ebec934544c8b4ecea3378275a0509ee45191a2f Mon Sep 17 00:00:00 2001
From: Viktor Kolomeyko
Date: Mon, 9 Oct 2023 13:25:58 +0100
Subject: [PATCH 3/3] CORE-17117: Revert `avroGradlePluginVersion`

As it generates `SetOwnRegistrationStatus` trying to be clever about UUIDs.
---
 gradle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle.properties b/gradle.properties
index f70b8d8fd6..69c1c3463c 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -40,7 +40,7 @@ snakeyamlVersion=2.0
 slf4jVersion = 1.7.36
 
 # Main implementation dependencies
-avroGradlePluginVersion=1.8.0
+avroGradlePluginVersion=1.3.0
 avroVersion = 1.11.3
 commonsCompressVersion = 1.24.0
 bouncycastleVersion = 1.73
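Review bot: The `configurations.all { resolutionStrategy { force ... } }` block added to data/avro-schema/build.gradle governs only that subproject's own dependency configurations; it does not reach the `buildscript` configurations in which the Avro Gradle plugin (versioned by `avroGradlePluginVersion`) and, presumably, its own transitive commons-compress are resolved, so the part-1 aim that "even the plugins" use the patched version looks unmet once the root-level `constraints` block is removed in this commit. Forced versions also do not propagate to projects that consume data/avro-schema as a project dependency, because each consumer resolves its own graph under its own resolution strategy, so a consumer that pulls Avro transitively can still land on the older commons-compress unless the same rule is declared there. If the intent is repository-wide, the rule belongs in the root build.gradle under `allprojects { configurations.all { resolutionStrategy { force "org.apache.commons:commons-compress:$commonsCompressVersion" } } }`, with a matching `constraints` entry kept in the root `buildscript` block for the plugin classpath, and it is worth confirming with `./gradlew dependencies` and `./gradlew buildEnvironment` that 1.24.0 actually wins in both graphs. A one-line comment on the `force` line would also help the next maintainer, since `force` overrides conflict resolution in both directions: `// force: also pins over a newer version requested transitively; revisit when Avro itself moves past this commons-compress`.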