From 4bcfd1ba0255a904431ae75e5804d789a7c1d920 Mon Sep 17 00:00:00 2001
From: Ayushi Srivastava <aysriva@microsoft.com>
Date: Tue, 3 Dec 2024 23:58:08 -0800
Subject: [PATCH] Updating Spring-security-web for Security Vulnerability

---
 pom.xml                                                | 10 +++++++++-
 provider/notification-ibm/pom.xml                      |  4 ++--
 .../build-aws/push-endpoint/pom.xml                    |  2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index 36c8a695c..339ea56d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,10 +30,11 @@
 		<json-smart.version>2.5.0</json-smart.version>
 		<openapi.version>2.6.0</openapi.version>
 		<spring-framework-version>6.1.13</spring-framework-version>
-		<spring-boot.version>3.3.4</spring-boot.version>
+		<spring-boot.version>3.3.5</spring-boot.version>
 		<netty.version>4.1.106.Final</netty.version>
 		<snakeyaml-version>2.0</snakeyaml-version>
 		<xnio-api.version>3.8.15.Final</xnio-api.version>
+		<spring.security.version>6.3.4</spring.security.version>
 	</properties>
 
 	<licenses>
@@ -48,6 +49,13 @@
 
 	<dependencyManagement>
 		<dependencies>
+			<dependency>
+                <groupId>org.springframework.security</groupId>
+                <artifactId>spring-security-bom</artifactId>
+                <version>${spring.security.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
 			<dependency>
 				<groupId> org.apache.logging.log4j</groupId>
 				<artifactId>log4j-bom</artifactId>
diff --git a/provider/notification-ibm/pom.xml b/provider/notification-ibm/pom.xml
index 5a9fda110..1b3439981 100644
--- a/provider/notification-ibm/pom.xml
+++ b/provider/notification-ibm/pom.xml
@@ -30,7 +30,7 @@
         <java.version>17</java.version>
         <maven.compiler.target>${java.version}</maven.compiler.target>
         <maven.compiler.source>${java.version}</maven.compiler.source>
-        <spring-boot-maven-plugin.version>3.2.5</spring-boot-maven-plugin.version>
+        <spring-boot-maven-plugin.version>3.3.5</spring-boot-maven-plugin.version>
 
     </properties>
 
@@ -39,7 +39,7 @@
       <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-dependencies</artifactId>
-        <version>3.2.5</version>
+        <version>3.3.5</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
diff --git a/testing/notification-test-aws/build-aws/push-endpoint/pom.xml b/testing/notification-test-aws/build-aws/push-endpoint/pom.xml
index 30d0a72e9..132abd2eb 100644
--- a/testing/notification-test-aws/build-aws/push-endpoint/pom.xml
+++ b/testing/notification-test-aws/build-aws/push-endpoint/pom.xml
@@ -28,7 +28,7 @@ limitations under the License.
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.1.4</version>
+        <version>3.3.5</version>
         <relativePath/>
     </parent>
 
-- 
GitLab