
Spring 5.3.26/5.2.23, Spring Boot 2.7.10/2.6.14

Open · julianladisch opened this issue 1 year ago · 0 comments

Upgrade Spring and Spring Boot to the latest patch version for the given minor version.

This upgrades several vulnerable dependencies:

json-smart from 2.4.8 to 2.4.10 fixing Denial of Service (DoS): https://nvd.nist.gov/vuln/detail/CVE-2023-1370

snakeyaml from 1.17 to 1.33 fixing Denial of Service (DoS), Arbitrary Code Execution and Stack-based Buffer Overflow:
https://nvd.nist.gov/vuln/detail/CVE-2017-18640
https://nvd.nist.gov/vuln/detail/CVE-2022-25857
https://nvd.nist.gov/vuln/detail/CVE-2022-1471
https://nvd.nist.gov/vuln/detail/CVE-2022-38751
https://nvd.nist.gov/vuln/detail/CVE-2022-38752

spring-expression from 5.3.24 to 5.3.26 fixing Allocation of Resources Without Limits or Throttling: https://nvd.nist.gov/vuln/detail/CVE-2023-20861

julianladisch, Mar 29 '23 22:03
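A check a maintainer could run after the bump, as an added example that is not from the issue or the project's own code: it scans `mvn dependency:tree` output (a constructed sample here, not real project output) for the three artifacts named above and flags any resolved below the fixed versions. The Maven group IDs (`net.minidev`, `org.yaml`, `org.springframework`) are not stated on the page and are assumed.

```python
import re

# Minimum fixed versions taken from the issue text (group:artifact -> version).
MIN_VERSIONS = {
    "net.minidev:json-smart": "2.4.10",
    "org.yaml:snakeyaml": "1.33",
    "org.springframework:spring-expression": "5.3.26",
}

# Constructed sample of `mvn dependency:tree` output; not real project output.
SAMPLE_TREE = """\
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter:jar:2.7.8:compile
[INFO] |  +- org.yaml:snakeyaml:jar:1.30:compile
[INFO] |  \\- org.springframework:spring-core:jar:5.3.24:compile
[INFO] +- org.springframework:spring-expression:jar:5.3.24:compile
[INFO] \\- com.jayway.jsonpath:json-path:jar:2.7.0:test
[INFO]    \\- net.minidev:json-smart:jar:2.4.8:test
"""

# Matches a colon-separated Maven coordinate anywhere on a tree line.
_COORD = re.compile(r"([A-Za-z0-9_.\-]+:[A-Za-z0-9_.\-]+(?::[A-Za-z0-9_.\-]+)+)")


def version_key(version):
    """Turn '2.4.10' into (2, 4, 10) so comparison is numeric, not lexical
    ('2.4.10' must sort above '2.4.8'); non-numeric parts count as 0."""
    parts = []
    for p in version.split("."):
        m = re.match(r"\d+", p)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def parse_tree(text):
    """Yield (group:artifact, version) for each dependency line.
    Lines read group:artifact:type[:classifier]:version:scope; the root
    artifact line has no scope (fewer than 5 tokens) and is skipped."""
    for line in text.splitlines():
        m = _COORD.search(line)
        if not m:
            continue
        tokens = m.group(1).split(":")
        if len(tokens) < 5:
            continue
        yield f"{tokens[0]}:{tokens[1]}", tokens[-2]


def find_outdated(text, minimums=MIN_VERSIONS):
    """Return {group:artifact: (resolved, required)} for artifacts still below
    the fixed version; an empty dict means the bump took effect."""
    outdated = {}
    for coord, found in parse_tree(text):
        required = minimums.get(coord)
        if required and version_key(found) < version_key(required):
            outdated[coord] = (found, required)
    return outdated


if __name__ == "__main__":
    for coord, (found, required) in find_outdated(SAMPLE_TREE).items():
        print(f"{coord}: resolved {found}, need >= {required}")
```

Pipe real output in with `mvn dependency:tree | python check.py` style wiring of your choice; the sample above flags all three artifacts because it predates the upgrade.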