[maven-release-plugin][skip ci] prepare release 23.7.0.1

MNT-25359 Validating and Sanitizing the comment before posting to prevent any XSS attack

amps/ags/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-community-repo-amps</artifactId>
-      <version>23.6.0.24</version>
+      <version>23.7.0.1</version>
    </parent>
 
    <modules>

amps/ags/rm-automation/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-community-parent</artifactId>
-      <version>23.6.0.24</version>
+      <version>23.7.0.1</version>
    </parent>
 
    <modules>

amps/ags/rm-automation/rm-automation-community-rest-api/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-automation-community-repo</artifactId>
-      <version>23.6.0.24</version>
+      <version>23.7.0.1</version>
    </parent>
 
    <build>

amps/ags/rm-community/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-community-parent</artifactId>
-      <version>23.6.0.24</version>
+      <version>23.7.0.1</version>
    </parent>
 
    <modules>

amps/ags/rm-community/rm-community-repo/.env

@@ -1,3 +1,3 @@
-SOLR6_TAG=2.0.13
+SOLR6_TAG=2.0.17
 POSTGRES_TAG=15.4
 ACTIVEMQ_TAG=5.18.3-jre17-rockylinux8

amps/ags/rm-community/rm-community-repo/pom.xml

@@ -8,7 +8,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-community-repo-parent</artifactId>
-      <version>23.6.0.24</version>
+      <version>23.7.0.1</version>
    </parent>
 
    <properties>

amps/ags/rm-community/rm-community-repo/test/resources/alfresco/version.properties

@@ -4,7 +4,7 @@
 
 # Version label
 version.major=23
-version.minor=6
+version.minor=7
 version.revision=0
 version.label=
 

amps/ags/rm-community/rm-community-rest-api-explorer/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-governance-services-community-repo-parent</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <build>

amps/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <modules>

amps/share-services/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-amps</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <properties>

core/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-community-repo</artifactId>
-      <version>23.6.0.24</version>
+      <version>23.7.0.1</version>
    </parent>
 
    <dependencies>

data-model/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <properties>

mmt/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <dependencies>

packaging/distribution/pom.xml

@@ -9,6 +9,6 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 </project>

packaging/docker-alfresco/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <properties>

packaging/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <modules>

packaging/tests/environment/.env

@@ -1,3 +1,3 @@
-SOLR6_TAG=2.0.13
+SOLR6_TAG=2.0.17
 POSTGRES_TAG=15.4
 ACTIVEMQ_TAG=5.18.3-jre17-rockylinux8

packaging/tests/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <modules>

packaging/tests/tas-cmis/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <organization>

packaging/tests/tas-email/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <developers>

packaging/tests/tas-integration/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <developers>

packaging/tests/tas-restapi/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <properties>

packaging/tests/tas-webdav/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <developers>

packaging/war/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <properties>

pom.xml

@@ -2,7 +2,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>alfresco-community-repo</artifactId>
-    <version>23.6.0.24</version>
+    <version>23.7.0.1</version>
     <packaging>pom</packaging>
     <name>Alfresco Community Repo Parent</name>
 
@@ -24,7 +24,7 @@
 
     <properties>
         <acs.version.major>23</acs.version.major>
-        <acs.version.minor>6</acs.version.minor>
+        <acs.version.minor>7</acs.version.minor>
         <acs.version.revision>0</acs.version.revision>
         <acs.version.label />
         <amp.min.version>${acs.version.major}.0.0</amp.min.version>
@@ -51,14 +51,14 @@
         <dependency.alfresco-server-root.version>7.0.1</dependency.alfresco-server-root.version>
         <dependency.activiti-engine.version>5.23.0</dependency.activiti-engine.version>
         <dependency.activiti.version>5.23.0</dependency.activiti.version>
-        <dependency.alfresco-transform-core.version>5.2.2-A.4</dependency.alfresco-transform-core.version>
-        <dependency.alfresco-transform-service.version>4.2.2-A.2</dependency.alfresco-transform-service.version>
+        <dependency.alfresco-transform-core.version>5.2.2</dependency.alfresco-transform-core.version>
+        <dependency.alfresco-transform-service.version>4.2.2</dependency.alfresco-transform-service.version>
         <dependency.alfresco-greenmail.version>7.0</dependency.alfresco-greenmail.version>
         <dependency.acs-event-model.version>0.0.33</dependency.acs-event-model.version>
 
         <dependency.aspectj.version>1.9.22.1</dependency.aspectj.version>
-        <dependency.spring.version>6.2.8</dependency.spring.version>
-        <dependency.spring-security.version>6.3.9</dependency.spring-security.version>
+        <dependency.spring.version>6.2.11</dependency.spring.version>
+        <dependency.spring-security.version>6.4.11</dependency.spring-security.version>
         <dependency.antlr.version>3.5.3</dependency.antlr.version>
         <dependency.jackson.version>2.17.2</dependency.jackson.version>
         <dependency.cxf.version>4.1.2</dependency.cxf.version>
@@ -113,7 +113,7 @@
         <dependency.jakarta-json-path.version>2.9.0</dependency.jakarta-json-path.version>
         <dependency.json-smart.version>2.5.2</dependency.json-smart.version>
         <alfresco.googledrive.version>4.1.0</alfresco.googledrive.version>
-        <alfresco.aos-module.version>3.3.0</alfresco.aos-module.version>
+        <alfresco.aos-module.version>3.4.0</alfresco.aos-module.version>
         <alfresco.api-explorer.version>23.4.0</alfresco.api-explorer.version> <!-- Also in alfresco-enterprise-share -->
 
         <alfresco.maven-plugin.version>2.2.0</alfresco.maven-plugin.version>
@@ -154,7 +154,7 @@
         <connection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</connection>
         <developerConnection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</developerConnection>
         <url>https://github.com/Alfresco/alfresco-community-repo</url>
-        <tag>23.6.0.24</tag>
+        <tag>23.7.0.1</tag>
     </scm>
 
     <distributionManagement>

remote-api/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <dependencies>

remote-api/src/main/java/org/alfresco/repo/web/scripts/comments/CommentsPost.java

@@ -2,7 +2,7 @@
  * #%L
  * Alfresco Remote API
  * %%
- * Copyright (C) 2005 - 2016 Alfresco Software Limited
+ * Copyright (C) 2005 - 2025 Alfresco Software Limited
  * %%
  * This file is part of the Alfresco software. 
  * If the software was purchased under a paid Alfresco license, the terms of 
@@ -31,6 +31,14 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.commons.lang3.StringUtils;
+import org.json.simple.JSONObject;
+import org.owasp.html.PolicyFactory;
+import org.owasp.html.Sanitizers;
+import org.springframework.extensions.webscripts.Cache;
+import org.springframework.extensions.webscripts.Status;
+import org.springframework.extensions.webscripts.WebScriptRequest;
+
 import org.alfresco.model.ContentModel;
 import org.alfresco.model.ForumModel;
 import org.alfresco.repo.content.MimetypeMap;
@@ -44,10 +52,6 @@ import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.service.namespace.RegexQNamePattern;
-import org.json.simple.JSONObject;
-import org.springframework.extensions.webscripts.Cache;
-import org.springframework.extensions.webscripts.Status;
-import org.springframework.extensions.webscripts.WebScriptRequest;
 
 /**
  * This class is the controller for the comments.post web script.
@@ -66,6 +70,19 @@ public class CommentsPost extends AbstractCommentsWebScript
         // get json object from request
         JSONObject json = parseJSON(req);
 
+        // Validating and Sanitizing comment content to prevent XSS
+        String commentContent = getOrNull(json, "content");
+        if (StringUtils.isBlank(commentContent))
+        {
+            throw new IllegalArgumentException("Comment content must not be empty");
+        }
+        else
+        {
+            PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
+            String safeContent = policy.sanitize(commentContent);
+            json.replace("content", safeContent);
+        }
+
         /* MNT-10231, MNT-9771 fix */
         this.behaviourFilter.disableBehaviour(nodeRef, ContentModel.ASPECT_AUDITABLE);
 
@@ -229,8 +246,7 @@ public class CommentsPost extends AbstractCommentsWebScript
      */
     private NodeRef createCommentsFolder(final NodeRef nodeRef)
     {
-        NodeRef commentsFolder = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>()
-        {
+        NodeRef commentsFolder = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<NodeRef>() {
             public NodeRef doWork() throws Exception
             {
                 NodeRef commentsFolder = null;

repository/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>23.6.0.24</version>
+        <version>23.7.0.1</version>
     </parent>
 
     <dependencies>

repository/src/main/java/org/alfresco/repo/event2/EventConsolidator.java

@@ -2,7 +2,7 @@
  * #%L
  * Alfresco Repository
  * %%
- * Copyright (C) 2005 - 2023 Alfresco Software Limited
+ * Copyright (C) 2005 - 2025 Alfresco Software Limited
  * %%
  * This file is part of the Alfresco software.
  * If the software was purchased under a paid Alfresco license, the terms of
@@ -39,8 +39,10 @@ import org.alfresco.service.namespace.QName;
 /**
  * Encapsulates events occurred in a single transaction.
  *
- * @param <REF> entity (e.g. node, child association, peer association) reference type
- * @param <RES> entity resource type
+ * @param <REF>
+ *            entity (e.g. node, child association, peer association) reference type
+ * @param <RES>
+ *            entity resource type
  */
 public abstract class EventConsolidator<REF extends EntityRef, RES extends Resource>
 {
@@ -90,23 +92,31 @@ public abstract class EventConsolidator<REF extends EntityRef, RES extends Resou
     /**
      * Builds and returns the {@link RepoEvent} instance.
      *
-     * @param eventInfo the object holding the event information
+     * @param eventInfo
+     *            the object holding the event information
      * @return the {@link RepoEvent} instance
      */
     public RepoEvent<DataAttributes<RES>> getRepoEvent(EventInfo eventInfo)
+    {
+        final RepoEvent.Builder<DataAttributes<RES>> builder = RepoEvent.builder();
+
+        configureRepoEventBuilder(builder, eventInfo);
+
+        return builder.build();
+    }
+
+    protected void configureRepoEventBuilder(RepoEvent.Builder<DataAttributes<RES>> builder, EventInfo eventInfo)
     {
         EventType eventType = getDerivedEvent();
 
         DataAttributes<RES> eventData = buildEventData(eventInfo, resource, eventType);
 
-        return RepoEvent.<DataAttributes<RES>>builder()
-            .setId(eventInfo.getId())
+        builder.setId(eventInfo.getId())
                 .setSource(eventInfo.getSource())
                 .setTime(eventInfo.getTimestamp())
                 .setType(eventType.getType())
                 .setData(eventData)
-            .setDataschema(EventJSONSchema.getSchemaV1(eventType))
-            .build();
+                .setDataschema(EventJSONSchema.getSchemaV1(eventType));
     }
 
     /**

repository/src/main/resources/alfresco/repository.properties

@@ -3,7 +3,7 @@
 repository.name=Main Repository
 
 # Schema number
-version.schema=19500
+version.schema=19600
 
 # Directory configuration