Skip to content

[#MS39470] fix: remediate high vulnerabilities for [core & azure] modules

Thulasi Dass Subramanian requested to merge az/td-fix-m24-high-vuln into master

Change Details:

  • Remediate High vulnerabilities in [Core & Azure] modules
  • upgraded [spring-web, spring-core, spring-security-core, org.eclipse.jetty] versions

Core Module

  1. [spring-web] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35614 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35613 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35391 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35389 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35176 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/34653
  2. [spring-security-core] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35392 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35388 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35203 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35065
  3. [spring-core] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/34032
  4. [jetty-server, jetty-io]
jetty-server
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-core ---
[INFO] org.opengroup.osdu.unit-service:unit-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.eclipse.jetty:jetty-server:jar:12.0.8:compile

jetty-io
[INFO] org.opengroup.osdu.unit-service:unit-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.eclipse.jetty:jetty-io:jar:12.0.8:compile

Azure Module:

  1. [spring-web] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35617 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35127 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/34643
  2. [spring-security-core] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35037
  3. [spring-core] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/34006
  4. [netty-codec-http] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/31886
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-aks ---
[INFO] org.opengroup.osdu.unit-service:unit-aks:jar:0.27.0-SNAPSHOT
[INFO] \- io.projectreactor.netty:reactor-netty-http:jar:1.1.14:compile
[INFO]    \- io.netty:netty-codec-http:jar:4.1.109.Final:compile
[INFO] ------------------------------------------------------------------------
spring-web

[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-core ---
[INFO] org.opengroup.osdu.unit-service:unit-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-security:jar:3.2.5:compile
[INFO]    \- org.springframework.security:spring-security-web:jar:6.2.4:compile
[INFO]       \- org.springframework:spring-web:jar:6.1.6:compile
[INFO]
[INFO] --------------< org.opengroup.osdu.unit-service:unit-aks >--------------
[INFO] Building unit-aks 0.27.0-SNAPSHOT                                  [2/2]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-aks ---
[INFO] org.opengroup.osdu.unit-service:unit-aks:jar:0.27.0-SNAPSHOT
[INFO] \- org.opengroup.osdu:core-lib-azure-spring6:jar:0.27.0-rc2:compile
[INFO]    \- com.azure:azure-spring-data-cosmos:jar:5.9.1:compile
[INFO]       \- org.springframework:spring-web:jar:6.1.6:compile
[INFO] ------------------------------------------------------------------------


spring-security-core

[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-core ---
[INFO] org.opengroup.osdu.unit-service:unit-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-security:jar:3.2.5:compile
[INFO]    \- org.springframework.security:spring-security-config:jar:6.2.4:compile
[INFO]       \- org.springframework.security:spring-security-core:jar:6.2.4:compile
[INFO]
[INFO] --------------< org.opengroup.osdu.unit-service:unit-aks >--------------
[INFO] Building unit-aks 0.27.0-SNAPSHOT                                  [2/2]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-aks ---
[INFO] org.opengroup.osdu.unit-service:unit-aks:jar:0.27.0-SNAPSHOT
[INFO] \- com.azure.spring:spring-cloud-azure-starter-active-directory:jar:5.12.0:compile
[INFO]    \- org.springframework.security:spring-security-web:jar:6.2.4:compile
[INFO]       \- org.springframework.security:spring-security-core:jar:6.2.4:compile
[INFO] ------------------------------------------------------------------------

spring-core

[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-core ---
[INFO] org.opengroup.osdu.unit-service:unit-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-security:jar:3.2.5:compile
[INFO]    \- org.springframework.boot:spring-boot-starter:jar:3.2.5:compile
[INFO]       \- org.springframework:spring-core:jar:6.1.6:compile
[INFO]
[INFO] --------------< org.opengroup.osdu.unit-service:unit-aks >--------------
[INFO] Building unit-aks 0.27.0-SNAPSHOT                                  [2/2]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-aks ---
[INFO] org.opengroup.osdu.unit-service:unit-aks:jar:0.27.0-SNAPSHOT
[INFO] \- org.opengroup.osdu:core-lib-azure-spring6:jar:0.27.0-rc2:compile
[INFO]    \- org.springframework:spring-beans:jar:6.1.6:compile
[INFO]       \- org.springframework:spring-core:jar:6.1.6:compile
[INFO] ------------------------------------------------------------------------
Edited by Thulasi Dass Subramanian

Merge request reports

Loading