Skip to content

Spring security dependency vulnerability fix

All Submissions:

  • [YES] I have added an explanation of what changes in this merge do and why we should include it?
  • [NA] I have updated the documentation accordingly.
  • [NA] I have added tests to cover my changes.
  • [YES] All new and existing tests passed.
  • [YES] My code follows the code style of this project.
  • [NA] I ran lint checks locally prior to submission.

What is the current behavior?

Component governance in Legal service build is failing in ADO because of a security vulnerability described in detail here -

This change, updates relevant dependency version to the ones which do not have this vulnerability as per the doc link shared above. We've run clean install to verify this change. Screenshot below


Issue: Remember to link the workitem to this pull request.

What is the new behavior?

Updated spring security version to 5.7.10.

Does this introduce a breaking change?

  • [YES/NO] No

Any relevant logs, error output, etc?

(If it’s long, please paste to and insert the link here.)

Other information

Edited by Vivek Ojha

Merge request reports