Update to Version v3.3.4 (#224)

Author: kamyarz-aws

CHANGELOG.md

@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.3.4] - 2025-02-06
+ 
+### Security
+- `path-to-regexp` to mitigate [CVE-2024-52798]
+- `nanoid` to mitigate [CVE-2024-55565]
+
+### Fixed
+
+- Update tika-core to v1.28.4 to fix upload file issues in jmeter scripts 
+
 ## [3.3.3] - 2024-11-22
 
 ### Security

VERSION.txt

@@ -1 +1 @@
-3.3.3
+3.3.4

deployment/ecr/distributed-load-testing-on-aws-load-tester/Dockerfile

@@ -1,4 +1,4 @@
-FROM blazemeter/taurus:1.16.34
+FROM blazemeter/taurus:1.16.38
 # taurus includes python and pip
 RUN /usr/bin/python3 -m pip install --upgrade pip
 RUN pip install --no-cache-dir awscli
@@ -58,5 +58,11 @@ RUN pip install --upgrade idna Flask_Cors
 RUN rm -rf /root/.bzt/python-packages/3.10.12/idna* /root/.bzt/python-packages/3.10.12/Flask_Cors*
 RUN cp -r /usr/local/lib/python3.10/dist-packages/idna* /usr/local/lib/python3.10/dist-packages/Flask_Cors* /root/.bzt/python-packages/3.10.12/
 
+# Bumping the version of NPM to remove possible vulnerabilities
+RUN npm install -g npm
+
+# Remove unused poetry.lock file to resolve multiple CVEs
+RUN rm -f /root/.bzt/python-packages/3.10.12/poetry.lock
+
 WORKDIR /bzt-configs/
 ENTRYPOINT ["./load-test.sh"]

deployment/ecr/distributed-load-testing-on-aws-load-tester/jar_updater.py

@@ -5,7 +5,6 @@
 
 from bzt.modules.jmeter import JarCleaner
 
-
 """
 jar_updater.py updates following jar files to address CVEs on the taurus image. this is not DLT application code. 
 the script may be removed once taurus updates the libraries on the image.
@@ -17,10 +16,9 @@
     * batik-transcoder v1.14 will be replaced with v1.17
     * lets-plot-batik v2.2.1 will be replaced with 4.2.0
     * commons-net v3.8.0 will be replaced with v3.9.0
-    * tika-core v1.28.3 will be replaced with v3.0.0
+    * tika-core v1.28.3 will be replaced with v1.28.4
     * json-path v2.7.0 will be replaced with v2.9.0
     * dnsjava v2.1.9 will be replaced with v3.6.1
-
 Also jmeter plugins manager will be updated to v1.10 to address CVEs and cmdrunner will be updated to v2.3 to accomodate with plugins manager.
 """
 
@@ -35,7 +33,7 @@
     "batik-transcoder": "org/apache/xmlgraphics/batik-transcoder/1.17/batik-transcoder-1.17.jar",
     "lets-plot-batik":  "org/jetbrains/lets-plot/lets-plot-batik/4.2.0/lets-plot-batik-4.2.0.jar",
     "commons-net": "commons-net/commons-net/3.9.0/commons-net-3.9.0.jar",
-    "tika-core": "org/apache/tika/tika-core/3.0.0/tika-core-3.0.0.jar",
+    "tika-core": "org/apache/tika/tika-core/1.28.4/tika-core-1.28.4.jar",
     "json-path": "com/jayway/jsonpath/json-path/2.9.0/json-path-2.9.0.jar",
     "dnsjava": "dnsjava/dnsjava/3.6.1/dnsjava-3.6.1.jar"
 }

deployment/ecr/distributed-load-testing-on-aws-load-tester/load-test.sh

@@ -95,6 +95,8 @@ if [ -z "$IPNETWORK" ]; then
     wait $pypid
     pypid=0
 else 
+    aws s3 cp s3://$S3_BUCKET/Container_IPs/${TEST_ID}_IPHOSTS_${AWS_REGION}.txt ./ --region $MAIN_STACK_REGION
+    export IPHOSTS=$(cat ${TEST_ID}_IPHOSTS_${AWS_REGION}.txt)
     python3 -u $SCRIPT $IPNETWORK $IPHOSTS
 fi
 

source/api-services/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "api-services",
-  "version": "3.3.3",
+  "version": "3.3.4",
   "description": "REST API micro services",
   "repository": {
     "type": "git",