Upgrade spring-security-web (!778) · Merge requests · OSDU Software / OSDU Data Platform / Security and Compliance / Entitlements · GitLab

Li Song requested to merge az/ls-upgrade-spring-security into master Dec 03, 2024

Upgraded spring security to address CVE-2024-38821

Dependency order is adjusted to avoid overwriting spring-security-web.jar

Pipeline failure was not caused by the code change given that the test fails even with the revert of the version upgrade: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/pipelines/296356

Edited Dec 03, 2024 by Li Song