
Updating Spring-security-web for Security Vulnerability

Ayushi Srivastava requested to merge users/aysriva/security-web-vuln into master

Type of change

  • Bug Fix
  • Feature

Please provide link to gitlab issue or ADR(Architecture Decision Record)

Does this introduce a change in the core logic?

  • NO

Does this introduce a change in the cloud provider implementation, if so which cloud?

  • AWS
  • Azure
  • Google Cloud
  • IBM

Does this introduce a breaking change?

  • NO

What is the current behavior?

Vulnerabilities:

  1. Common: https://community.opengroup.org/osdu/platform/system/notification/-/security/vulnerabilities/39532
  2. Common: https://community.opengroup.org/osdu/platform/system/notification/-/security/vulnerabilities/39533
  3. Azure: https://community.opengroup.org/osdu/platform/system/notification/-/security/vulnerabilities/39541
  4. AWS: https://community.opengroup.org/osdu/platform/system/notification/-/security/vulnerabilities/39539
  5. IBM: https://community.opengroup.org/osdu/platform/system/notification/-/security/vulnerabilities/39524
  6. GC: https://community.opengroup.org/osdu/platform/system/notification/-/security/vulnerabilities/39542

What is the new/expected behavior?

Updating spring-security-web and spring-boot-starter (dependency) to fix the above vulnerabilities.

After fix: [image]

Security scan: https://community.opengroup.org/osdu/platform/system/notification/-/jobs/3265276

Have you added/updated Unit Tests and Integration Tests?

NO

Any other useful information

Edited by Ayushi Srivastava
