Skip to content

elsdoc-209, refactored java libraries #523

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
nadezhdafilina wants to merge 3 commits into
base: master
Choose a base branch
from
Open

elsdoc-209, refactored java libraries #523

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5a73b5c
elsdoc-209, refactored java libraries
Nadya2502 Apr 23, 2026
f136e28
Merge remote-tracking branch 'origin/master' into refactor-java-libs
Nadya2502 Apr 30, 2026
8663ac6
updated java pages
Nadya2502 Apr 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
119 changes: 55 additions & 64 deletions docs/els-for-libraries/apache-commons-lang/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,17 +7,19 @@ TuxCare's Endless Lifecycle Support (ELS) for Apache Commons Lang provides secur
* Apache Commons Lang 2.4, 2.6
* Apache Commons Lang3 3.4, 3.8.1, 3.10, 3.12.0, 3.17.0

## Connection to ELS for Apache Commons Lang Repository
## Installation

This guide outlines the steps needed to integrate the TuxCare ELS for Apache Commons Lang repository into your Java application. The repository provides trusted Java libraries that can be easily integrated into your **Maven** and **Gradle** projects.
<ELSPrerequisites>

### Step 1: Get user credentials
* **Maven** or **Gradle** build tool installed
* Nexus repository access credentials (username and password) — contact [sales@tuxcare.com](mailto:sales@tuxcare.com)
* To browse available artifacts, visit TuxCare [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_java) and click Sign in in the top right corner. You may need to refresh the page after logging in.

You need a username and password in order to use the TuxCare ELS Apache Commons Lang repository. Anonymous access is disabled. To receive a username and password please contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
</ELSPrerequisites>

### Step 2: Configure Registry
<ELSSteps>

1. Navigate to the directory depending on your operating system.
1. **Navigate to the build tool directory**
* Windows
```text
Maven: C:\Users\{username}\.m2
Expand All @@ -34,7 +36,7 @@ You need a username and password in order to use the TuxCare ELS Apache Commons
Gradle: /home/{username}/.gradle
```

2. Add the TuxCare repository and plugin repository to your build configuration.
2. **Configure credentials**

:::tip
For Maven, you may choose any valid `<id>` value instead of `tuxcare-registry`, but the same value must be used in both `settings.xml` and `pom.xml`.
Expand All @@ -45,99 +47,88 @@ You need a username and password in order to use the TuxCare ELS Apache Commons
{ title: 'Gradle (~/.gradle/gradle.properties)', content: gradlecreds }
]" />

Here `USERNAME` and `PASSWORD` are your credentials mentioned in [Step 1](#step-1-get-user-credentials).
Here `USERNAME` and `PASSWORD` are your Tuxcare credentials.

### Step 3: Update Build Configuration
3. **Add the TuxCare repository**

Add the TuxCare Apache Commons Lang repository and plugins to your build configuration:
Add the TuxCare Apache Commons Lang repository and plugins to your build configuration.

<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavenrepo },
{ title: 'Gradle (build.gradle)', content: gradlerepo }
]" />
<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavenrepo },
{ title: 'Gradle (build.gradle)', content: gradlerepo }
]" />

* To fully switch from the official Apache Commons Lang repository, replace it with the TuxCare repository.
* To keep both, add TuxCare after the official one.
* To fully switch from the official Apache Commons Lang repository, replace it with the TuxCare repository.
* To keep both, add TuxCare after the official one.

Example Maven and Gradle projects are available on GitHub. Remember to set the required environment variables.
* [Maven](https://github.com/cloudlinux/securechain-java/tree/main/examples/maven)
* [Gradle](https://github.com/cloudlinux/securechain-java/tree/main/examples/gradle)
:::tip
Example **[Maven](https://github.com/cloudlinux/securechain-java/tree/main/examples/maven)** and **[Gradle](https://github.com/cloudlinux/securechain-java/tree/main/examples/gradle)** projects are available on GitHub. Ensure the required environment variables are set.
:::

### Step 4: Update Dependencies
4. **Update dependencies**

Replace the Apache Commons Lang dependencies in your build file with the TuxCare-maintained versions to cover both direct and transitive dependencies.
Replace Apache Commons Lang dependencies with TuxCare-maintained versions. You can find artifact versions on [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_java) — sign in with your TuxCare credentials.

You can find a specific artifact version in your TuxCare account on [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_java). Click **Sign In** in the top right corner to authenticate with your TuxCare credentials. After logging in, you may need to refresh or reopen the link to browse artifacts due to Nexus routing behavior.
<TableTabs label="Choose version: " >
<TableTabs label="Choose version: " >

<template #Commons_Lang>
<template #Commons_Lang>

<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavenDepsLang },
{ title: 'Gradle (build.gradle)', content: gradleDepsLang }
]" />
<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavenDepsLang },
{ title: 'Gradle (build.gradle)', content: gradleDepsLang }
]" />

</template>
</template>

<template #Commons_Lang3>
<template #Commons_Lang3>

<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavenDepsLang3 },
{ title: 'Gradle (build.gradle)', content: gradleDepsLang3 }
]" />
<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavenDepsLang3 },
{ title: 'Gradle (build.gradle)', content: gradleDepsLang3 }
]" />

</template>
</template>

</TableTabs>
</TableTabs>

### Step 5: Verify and Build
5. **Verify and build**

1. To confirm the TuxCare Apache Commons Lang repository is set up correctly, use your build tool to list the project's dependencies. It shows both direct and transitive dependencies in the classpath.
Verify the setup:

<CodeTabs :tabs="[
{ title: 'Maven', content: `mvn dependency:tree -Dverbose` },
{ title: 'Gradle', content: `./gradlew dependencies --configuration runtimeClasspath` }
]" />

2. After reviewing the dependencies, include any library from the repository into your project and then run a build:
Build the project:

<CodeTabs :tabs="[
{ title: 'Maven', content: `mvn clean install` },
{ title: 'Gradle', content: `./gradlew build` }
{ title: 'Maven', content: `mvn clean install` },
{ title: 'Gradle', content: `./gradlew build` }
]" />

The build tool you're using should be able to identify and resolve dependencies from the TuxCare ELS for Apache Commons Lang repository.

### Conclusion

You've successfully integrated the TuxCare ELS for Apache Commons Lang repository into your project. You can now benefit from the secure and vetted Apache Commons Lang libraries it provides.

## Vulnerability Exploitability eXchange (VEX)
The build tool should be able to identify and resolve dependencies from the TuxCare ELS for Apache Commons Lang repository.

VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives and helps prioritize real risks.
</ELSSteps>

TuxCare provides VEX for Apache Commons Lang ELS versions: [security.tuxcare.com/vex/cyclonedx/els_lang_java/commons-lang/](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/commons-lang/).

## How to Upgrade to a Newer Version of TuxCare Packages

If you have already installed a package with a `tuxcare.1` suffix and want to upgrade to a newer release (for example, `tuxcare.3`), you need to update version strings in your Maven or Gradle build file.

## Source Code

Source code for TuxCare-patched Apache Commons Lang libraries is available in the repository. Source JARs follow the standard Maven naming convention with a `-sources` classifier.

For example: [https://nexus.repo.tuxcare.com/repository/els_java/commons-lang/commons-lang/2.6-tuxcare.1/commons-lang-2.6-tuxcare.1-sources.jar](https://nexus.repo.tuxcare.com/repository/els_java/commons-lang/commons-lang/2.6-tuxcare.1/commons-lang-2.6-tuxcare.1-sources.jar).

:::tip
If a source JAR is not available for a specific package, please contact [sales@tuxcare.com](mailto:sales@tuxcare.com) to report the issue.
:::

## Resolved CVEs in ELS for Apache Commons Lang

<ClientOnly>
<ResolvedCveTable project="commons-lang" />
</ClientOnly>

## What's Next?

<WhatsNext hide-title>

* ![](/images/shield.webp) [Available fixes](https://tuxcare.com/cve-tracker/fixes?product=Apache+Commons+Lang) — Patched versions and changelogs
* ![](/images/shield-alert.webp) [VEX feed](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/commons-lang/) — Vulnerability Exploitability eXchange feed
* ![](/images/unlock-alt.webp) [Source code](https://nexus.repo.tuxcare.com/#browse/browse:els_java:commons-lang) — Nexus repository (credentials required)
* ![](/images/wrench.webp) [Managing the ELS repository](/els-for-libraries/managing-els-repository/) — Update to newer versions

</WhatsNext>

<script setup>
const mavencreds =
`<?xml version="1.0" encoding="UTF-8"?>
Expand Down
121 changes: 56 additions & 65 deletions docs/els-for-libraries/apache-cxf/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,17 +6,19 @@ TuxCare's Endless Lifecycle Support (ELS) for Apache CXF provides security patch

* Apache CXF 3.5.9, 3.5.11

## Connection to ELS for Apache CXF Repository
## Installation

This guide outlines the steps needed to integrate the TuxCare ELS for Apache CXF repository into your Java application. The repository provides trusted Java libraries that can be easily integrated into your **Maven** and **Gradle** projects.
<ELSPrerequisites>

### Step 1: Get user credentials
* **Maven** or **Gradle** build tool installed
* Nexus repository access credentials (username and password) — contact [sales@tuxcare.com](mailto:sales@tuxcare.com)
* To browse available artifacts, visit TuxCare [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_java) and click Sign in in the top right corner. You may need to refresh the page after logging in.

You need a username and password in order to use the TuxCare ELS Apache CXF repository. Anonymous access is disabled. To receive a username and password please contact [sales@tuxcare.com](mailto:sales@tuxcare.com).
</ELSPrerequisites>

### Step 2: Configure Registry
<ELSSteps>

1. Navigate to the directory depending on your operating system.
1. **Navigate to the build tool directory**
* Windows
```text
Maven: C:\Users\{username}\.m2
Expand All @@ -33,7 +35,7 @@ You need a username and password in order to use the TuxCare ELS Apache CXF repo
Gradle: /home/{username}/.gradle
```

2. Add the TuxCare repository and plugin repository to your build configuration.
2. **Configure credentials**

:::tip
For Maven, you may choose any valid `<id>` value instead of `tuxcare-registry`, but the same value must be used in both `settings.xml` and `pom.xml`.
Expand All @@ -44,100 +46,89 @@ You need a username and password in order to use the TuxCare ELS Apache CXF repo
{ title: 'Gradle (~/.gradle/gradle.properties)', content: gradlecreds }
]" />

Here `USERNAME` and `PASSWORD` are your credentials mentioned in [Step 1](#step-1-get-user-credentials).
Here `USERNAME` and `PASSWORD` are your Tuxcare credentials.

### Step 3: Update Build Configuration
3. **Add the TuxCare repository**

Add the TuxCare Apache CXF repository and plugins to your build configuration:
Add the TuxCare Apache CXF repository and plugins to your build configuration.

<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavenrepo },
{ title: 'Gradle (build.gradle)', content: gradlerepo }
]" />

* To fully switch from the official Apache CXF repository, replace it with the TuxCare repository.
* To keep both, add TuxCare after the official one.
<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavenrepo },
{ title: 'Gradle (build.gradle)', content: gradlerepo }
]" />

Example Maven and Gradle projects are available on GitHub. Remember to set the required environment variables.
* [Maven](https://github.com/cloudlinux/securechain-java/tree/main/examples/maven)
* [Gradle](https://github.com/cloudlinux/securechain-java/tree/main/examples/gradle)
* To fully switch from the official Apache CXF repository, replace it with the TuxCare repository.
* To keep both, add TuxCare after the official one.

### Step 4: Update Dependencies
:::tip
Example **[Maven](https://github.com/cloudlinux/securechain-java/tree/main/examples/maven)** and **[Gradle](https://github.com/cloudlinux/securechain-java/tree/main/examples/gradle)** projects are available on GitHub. Ensure the required environment variables are set.
:::

Replace the Apache CXF dependencies in your build file with the TuxCare-maintained versions to cover both direct and transitive dependencies.
4. **Update dependencies**

You can find a specific artifact version in your TuxCare account on [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_java). Click **Sign In** in the top right corner to authenticate with your TuxCare credentials. After logging in, you may need to refresh or reopen the link to browse artifacts due to Nexus routing behavior.
Replace Apache CXF dependencies with TuxCare-maintained versions. You can find artifact versions on [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_java) — sign in with your TuxCare credentials.

<TableTabs label="Choose a version: " >
<TableTabs label="Choose a version: " >

<template #3.5.9>
<template #3.5.9>

<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavendeps_359 },
{ title: 'Gradle (build.gradle)', content: gradledeps_359 }
]" />
<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavendeps_359 },
{ title: 'Gradle (build.gradle)', content: gradledeps_359 }
]" />

</template>
</template>

<template #3.5.11>
<template #3.5.11>

<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavendeps_3511 },
{ title: 'Gradle (build.gradle)', content: gradledeps_3511 }
]" />
<CodeTabs :tabs="[
{ title: 'Maven (pom.xml)', content: mavendeps_3511 },
{ title: 'Gradle (build.gradle)', content: gradledeps_3511 }
]" />

</template>
</template>

</TableTabs>
</TableTabs>

### Step 5: Verify and Build
5. **Verify and build**

1. To confirm the TuxCare Apache CXF repository is set up correctly, use your build tool to list the project's dependencies. It shows both direct and transitive dependencies in the classpath.
Verify the setup:

<CodeTabs :tabs="[
{ title: 'Maven', content: `mvn dependency:tree -Dverbose` },
{ title: 'Gradle', content: `./gradlew dependencies --configuration runtimeClasspath` }
]" />

2. After reviewing the dependencies, include any library from the repository into your project and then run a build:
Build the project:

<CodeTabs :tabs="[
{ title: 'Maven', content: `mvn clean install` },
{ title: 'Gradle', content: `./gradlew build` }
{ title: 'Maven', content: `mvn clean install` },
{ title: 'Gradle', content: `./gradlew build` }
]" />

The build tool you're using should be able to identify and resolve dependencies from the TuxCare ELS for Apache CXF repository.

### Conclusion

You've successfully integrated the TuxCare ELS for Apache CXF repository into your project. You can now benefit from the secure and vetted Apache CXF libraries it provides.
The build tool should be able to identify and resolve dependencies from the TuxCare ELS for Apache CXF repository.

## Vulnerability Exploitability eXchange (VEX)
</ELSSteps>

VEX is a machine-readable format that tells you if a known vulnerability is actually exploitable in your product. It reduces false positives and helps prioritize real risks.

TuxCare provides VEX for Apache CXF ELS versions: [security.tuxcare.com/vex/cyclonedx/els_lang_java/org.apache.cxf/](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/org.apache.cxf/).

## How to Upgrade to a Newer Version of TuxCare Packages

If you have already installed a package with a `tuxcare.1` suffix and want to upgrade to a newer release (for example, `tuxcare.3`), you need to update version strings in your Maven or Gradle build file.

## Source Code

Source code for TuxCare-patched Apache CXF libraries is available in the repository. Source JARs follow the standard Maven naming convention with a `-sources` classifier.

For example: [https://nexus.repo.tuxcare.com/repository/els_java/org/apache/cxf/cxf-core/3.5.9-tuxcare.2/cxf-core-3.5.9-tuxcare.2-sources.jar](https://nexus.repo.tuxcare.com/repository/els_java/org/apache/cxf/cxf-core/3.5.9-tuxcare.2/cxf-core-3.5.9-tuxcare.2-sources.jar).

:::tip
If a source JAR is not available for a specific package, please contact [sales@tuxcare.com](mailto:sales@tuxcare.com) to report the issue.
:::

## Resolved CVEs in ELS for Apache CXF

<ClientOnly>
<ResolvedCveTable project="apache-cxf" />
</ClientOnly>

## What's Next?

<WhatsNext hide-title>

* ![](/images/eye.webp) [CVE tracker](https://tuxcare.com/cve-tracker/?product=Apache+CXF) — Track vulnerability fixes and updates
* ![](/images/clipboard-notes.webp) [Supported components](https://tuxcare.com/cve-tracker/products?product=Apache+CXF) — Full list of product parts covered by ELS
* ![](/images/shield-alert.webp) [VEX feed](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/org.apache.cxf/) — Vulnerability Exploitability eXchange feed
* ![](/images/unlock-alt.webp) [Source code](https://nexus.repo.tuxcare.com/#browse/browse:els_java:org) — Nexus repository (credentials required)
* ![](/images/wrench.webp) [Managing the ELS repository](/els-for-libraries/managing-els-repository/) — Update to newer versions

</WhatsNext>

<script setup>
const mavencreds =
`<?xml version="1.0" encoding="UTF-8"?>
Expand Down
Loading