Skip to content

[MS-39375] fix azure and core high vulnerabilities

VidyaDharani Lokam requested to merge az/vl-fix-high-vul into master

Reference issues:

Changes:

  • upgrade undertow version to 2.3.13.Final
  • upgrade xnio-api version to 3.8.15.Final
  • upgrade spring-boot version to 3.2.5 to remediate spring-web vulnerability in azure.
  • upgrade core-lib-azure to 0.27.0-rc2
  • remove repeated/unused dependencies and exclusions from azure pom

mvn dependency:tree before changes:

[INFO] +- io.undertow:undertow-core:jar:2.3.5.Final:compile
[INFO] |  +- org.jboss.xnio:xnio-api:jar:3.8.14.Final:compile
[INFO] |  |  +- org.wildfly.common:wildfly-common:jar:1.5.4.Final:compile
[INFO] |  |  \- org.wildfly.client:wildfly-client-config:jar:1.0.1.Final:compile
[INFO] |  +- org.jboss.xnio:xnio-nio:jar:3.8.8.Final:runtime
[INFO] |  \- org.jboss.threads:jboss-threads:jar:3.5.0.Final:compile
[INFO] +- io.undertow:undertow-servlet:jar:2.3.5.Final:compile
[INFO] |  \- jakarta.annotation:jakarta.annotation-api:jar:2.1.1:compile
[INFO] +- io.undertow:undertow-websockets-jsr:jar:2.3.5.Final:compile

mvn dependency:tree after changes:

[INFO] +- io.undertow:undertow-core:jar:2.3.13.Final:compile
[INFO] |  +- org.jboss.xnio:xnio-api:jar:3.8.15.Final:compile
[INFO] |  |  +- org.wildfly.common:wildfly-common:jar:1.5.4.Final:compile
[INFO] |  |  \- org.wildfly.client:wildfly-client-config:jar:1.0.1.Final:compile
[INFO] |  +- org.jboss.xnio:xnio-nio:jar:3.8.8.Final:runtime
[INFO] |  \- org.jboss.threads:jboss-threads:jar:3.5.0.Final:compile
[INFO] +- io.undertow:undertow-servlet:jar:2.3.13.Final:compile
[INFO] |  \- jakarta.annotation:jakarta.annotation-api:jar:2.1.1:compile
[INFO] +- io.undertow:undertow-websockets-jsr:jar:2.3.13.Final:compile
Edited by VidyaDharani Lokam

Merge request reports

Loading