From 2d1118dc8593888dd89cfda389590388fbbcd41a Mon Sep 17 00:00:00 2001
From: Manish Jangid <msjangid@amazon.com>
Date: Wed, 18 Jan 2023 16:06:57 +0000
Subject: [PATCH] Fix Spring vulnerabilities
---
notification-core/pom.xml | 5 +++++
provider/notification-aws/pom.xml | 8 ++++++--
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/notification-core/pom.xml b/notification-core/pom.xml
index 26faa2366..82a9b9f49 100644
--- a/notification-core/pom.xml
+++ b/notification-core/pom.xml
@@ -160,6 +160,11 @@
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ <version>5.7.5</version>
+ </dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
diff --git a/provider/notification-aws/pom.xml b/provider/notification-aws/pom.xml
index 57f364b22..8d3146445 100644
--- a/provider/notification-aws/pom.xml
+++ b/provider/notification-aws/pom.xml
@@ -40,7 +40,6 @@
<os-core-common.version>0.19.0-SNAPSHOT</os-core-common.version>
<jackson-databind.version>2.13.2.2</jackson-databind.version>
<jackson.version>2.13.2</jackson.version>
- <spring-webmvc.version>5.3.22</spring-webmvc.version>
<spring-boot-maven-plugin.version>2.7.6</spring-boot-maven-plugin.version>
</properties>
@@ -103,7 +102,12 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
- <version>${spring-webmvc.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-core</artifactId>
+ <version>5.7.5</version>
</dependency>
<!-- unit test dependencies -->
--
GitLab