
Spring security dependency vulnerability fix

All Submissions:


  • [YES] I have added an explanation of what changes in this merge do and why we should include it?
  • [NA] I have updated the documentation accordingly.
  • [NA] I have added tests to cover my changes.
  • [YES] All new and existing tests passed.
  • [YES] My code follows the code style of this project.
  • [NA] I ran lint checks locally prior to submission.

What is the current behavior?


Component governance in the Legal service build is failing in ADO because of a security vulnerability described in detail here - https://spring.io/security/cve-2023-34034.

This change updates the relevant dependency versions to ones which do not have this vulnerability, as per the doc link shared above. We've run a clean install to verify this change. Screenshot below.

image

Issue: Remember to link the workitem to this pull request.

What is the new behavior?


Updated spring security version to 5.7.10.

Does this introduce a breaking change?


  • [YES/NO] No

Any relevant logs, error output, etc?


(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)

Other information


Edited by Vivek Ojha
