Dependency Bumps
Merge Request: Dependency updates
Summary
Version tracking for all packages in pom.xml with updates noted.
Parent Properties
Package | Original | Update |
---|---|---|
spring-framework | 6.2.0 | 6.2.1 |
spring-boot-dependencies | 3.4.0 | 3.4.1 |
azure-sdk-bom | 1.2.30 | 1.2.30 |
azure-spring-boot | 5.18.0 | 5.18.0 |
microsoft-graph | 6.23.0 | 6.23.0 |
azure.appinsights | 3.6.2 | 3.6.2 |
azure-servicebus | 3.6.7 | 3.6.7 |
azure-eventgrid | 1.4.0 | 1.4.0 |
io.micrometer | 1.14.1 | 1.14.1 |
jakarta.servlet | 6.0.0 | 6.0.0 |
jakarta.inject | 2.0.1 | 2.0.1 |
json | 20231013 | 20231013 |
log4j-slf4j-impl | 2.24.2 | 2.24.2 |
resilience4j | 2.0.0 | 2.0.0 |
redisson | 3.40.2 | 3.40.2 |
guava | 33.3.1-jre | 33.3.1-jre |
surefire-plugin | 2.22.2 | 2.22.2 |
jacoco-plugin | 0.8.8 | 0.8.8 |
checkstyle-plugin | 3.1.0 | 3.1.0 |
lettuce | 6.5.1.RELEASE | 6.5.1.RELEASE |
Resolved Vulnerabilities
org.springframework.boot:spring-boot-dependencies
- Vulnerability: CVE-2024-56337
  - Severity: High
  - Issue: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation
- Resolution: Upgraded from 3.4.0 to 3.4.1
- Vulnerability: CVE-2024-50379
  - Severity: High
  - Issue: Remote Code Execution due to TOCTOU issue in JSP compilation
- Resolution: Upgraded from 3.4.0 to 3.4.1