Merge branch 'development' into fix/snyk

Author: reeshika-h

.gitignore

@@ -272,3 +272,5 @@ src/main/resources/
 /src/main/java/com/contentstack/sdk/models/
 /.vscode/
 /.vscode/
+/docs/
+INTEGRATION-TESTS-GUIDE.md

CHANGELOG.md

@@ -1,5 +1,10 @@
 # CHANGELOG
 
+## v2.3.2
+
+### Jan 05, 2026
+- Snyk Fixes
+
 ## v2.3.1
 
 ### Date: 03-Nov-2025

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2012 - 2025 Contentstack
+Copyright (c) 2012 - 2026 Contentstack
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

pom.xml

@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.contentstack.sdk</groupId>
     <artifactId>java</artifactId>
-    <version>2.3.1</version>
+    <version>2.3.2</version>
     <packaging>jar</packaging>
     <name>contentstack-java</name>
     <description>Java SDK for Contentstack Content Delivery API</description>
@@ -172,6 +172,13 @@
             <artifactId>json-simple</artifactId>
             <version>${json-simple-version}</version>
             <scope>compile</scope>
+            <!-- Exclude junit - it was incorrectly included as compile dep in json-simple -->
+            <exclusions>
+                <exclusion>
+                    <groupId>junit</groupId>
+                    <artifactId>junit</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
@@ -215,6 +222,34 @@
                 <artifactId>kotlin-stdlib</artifactId>
                 <version>2.1.0</version> 
             </dependency>
+            <!-- Fix CVE-2025-48924: Uncontrolled Recursion in commons-lang3 -->
+            <dependency>
+                <groupId>org.apache.commons</groupId>
+                <artifactId>commons-lang3</artifactId>
+                <version>3.18.0</version>
+            </dependency>
+            <!-- Fix Spring vulnerabilities from contentstack-utils transitive deps -->
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-core</artifactId>
+                <version>6.2.11</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-beans</artifactId>
+                <version>6.2.11</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-web</artifactId>
+                <version>6.2.11</version>
+            </dependency>
+            <!-- Fix CVE-2020-15250: junit pulled by json-simple -->
+            <dependency>
+                <groupId>junit</groupId>
+                <artifactId>junit</artifactId>
+                <version>4.13.2</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
     <build>
@@ -277,13 +312,38 @@
                 <artifactId>maven-surefire-plugin</artifactId>
                 <version>2.22.2</version>
                 <configuration>
-                    <!-- Run only API tests (*IT.java) by default -->
-                    <includes>
-                        <include>**/*IT.java</include>
-                    </includes>
+                    <!-- Tests are skipped by default; use -Dtest to specify which tests to run -->
+                    <!-- Example: -Dtest='*IT' for integration tests, -Dtest='Test*' for unit tests -->
                     <skipTests>true</skipTests>
+                    <!-- OPTIMIZED: Parallel execution with controlled concurrency -->
+                    <parallel>classes</parallel>
+                    <threadCount>4</threadCount>
+                    <perCoreThreadCount>false</perCoreThreadCount>
+                    <useUnlimitedThreads>false</useUnlimitedThreads>
+                    <!-- Reuse forks for better performance -->
+                    <reuseForks>true</reuseForks>
+                    <forkCount>2</forkCount>
+                    <!-- Increase timeout for slow tests -->
+                    <forkedProcessTimeoutInSeconds>500</forkedProcessTimeoutInSeconds>
+                    <!-- Better memory management -->
+                    <!-- @{argLine} allows JaCoCo to inject its agent -->
+                    <argLine>@{argLine} -Xmx2048m -XX:MaxMetaspaceSize=512m</argLine>
                 </configuration>
             </plugin>
+            
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-report-plugin</artifactId>
+                <version>2.22.2</version>
+                <executions>
+                    <execution>
+                        <phase>test</phase>
+                        <goals>
+                            <goal>report-only</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
@@ -382,7 +442,7 @@
                         </goals>
                         <configuration>
                             <dataFile>target/jacoco.exec</dataFile>
-                            <outputDirectory>target/jacoco-ut</outputDirectory>
+                            <!-- outputDirectory removed - uses default: target/site/jacoco/ -->
                         </configuration>
                     </execution>
                 </executions>