[#MS39470] fix: remediate high vulnerabilities for [core & azure] modules
Change Details:
- Remediate High vulnerabilities in [Core & Azure] modules
- upgraded [spring-web, spring-core, spring-security-core, org.eclipse.jetty] versions
Core Module
- [spring-web] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35614 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35613 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35391 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35389 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35176 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/34653
- [spring-security-core] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35392 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35388 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35203 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35065
- [spring-core] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/34032
- [jetty-server, jetty-io]
jetty-server
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-core ---
[INFO] org.opengroup.osdu.unit-service:unit-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.eclipse.jetty:jetty-server:jar:12.0.8:compile
jetty-io
[INFO] org.opengroup.osdu.unit-service:unit-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.eclipse.jetty:jetty-io:jar:12.0.8:compileAzure Module:
- [spring-web] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35617 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35127 https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/34643
- [spring-security-core] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/35037
- [spring-core] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/34006
- [netty-codec-http] https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/security/vulnerabilities/31886
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-aks ---
[INFO] org.opengroup.osdu.unit-service:unit-aks:jar:0.27.0-SNAPSHOT
[INFO] \- io.projectreactor.netty:reactor-netty-http:jar:1.1.14:compile
[INFO] \- io.netty:netty-codec-http:jar:4.1.109.Final:compile
[INFO] ------------------------------------------------------------------------spring-web
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-core ---
[INFO] org.opengroup.osdu.unit-service:unit-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-security:jar:3.2.5:compile
[INFO] \- org.springframework.security:spring-security-web:jar:6.2.4:compile
[INFO] \- org.springframework:spring-web:jar:6.1.6:compile
[INFO]
[INFO] --------------< org.opengroup.osdu.unit-service:unit-aks >--------------
[INFO] Building unit-aks 0.27.0-SNAPSHOT [2/2]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-aks ---
[INFO] org.opengroup.osdu.unit-service:unit-aks:jar:0.27.0-SNAPSHOT
[INFO] \- org.opengroup.osdu:core-lib-azure-spring6:jar:0.27.0-rc2:compile
[INFO] \- com.azure:azure-spring-data-cosmos:jar:5.9.1:compile
[INFO] \- org.springframework:spring-web:jar:6.1.6:compile
[INFO] ------------------------------------------------------------------------
spring-security-core
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-core ---
[INFO] org.opengroup.osdu.unit-service:unit-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-security:jar:3.2.5:compile
[INFO] \- org.springframework.security:spring-security-config:jar:6.2.4:compile
[INFO] \- org.springframework.security:spring-security-core:jar:6.2.4:compile
[INFO]
[INFO] --------------< org.opengroup.osdu.unit-service:unit-aks >--------------
[INFO] Building unit-aks 0.27.0-SNAPSHOT [2/2]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-aks ---
[INFO] org.opengroup.osdu.unit-service:unit-aks:jar:0.27.0-SNAPSHOT
[INFO] \- com.azure.spring:spring-cloud-azure-starter-active-directory:jar:5.12.0:compile
[INFO] \- org.springframework.security:spring-security-web:jar:6.2.4:compile
[INFO] \- org.springframework.security:spring-security-core:jar:6.2.4:compile
[INFO] ------------------------------------------------------------------------
spring-core
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-core ---
[INFO] org.opengroup.osdu.unit-service:unit-core:jar:0.27.0-SNAPSHOT
[INFO] \- org.springframework.boot:spring-boot-starter-security:jar:3.2.5:compile
[INFO] \- org.springframework.boot:spring-boot-starter:jar:3.2.5:compile
[INFO] \- org.springframework:spring-core:jar:6.1.6:compile
[INFO]
[INFO] --------------< org.opengroup.osdu.unit-service:unit-aks >--------------
[INFO] Building unit-aks 0.27.0-SNAPSHOT [2/2]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ unit-aks ---
[INFO] org.opengroup.osdu.unit-service:unit-aks:jar:0.27.0-SNAPSHOT
[INFO] \- org.opengroup.osdu:core-lib-azure-spring6:jar:0.27.0-rc2:compile
[INFO] \- org.springframework:spring-beans:jar:6.1.6:compile
[INFO] \- org.springframework:spring-core:jar:6.1.6:compile
[INFO] ------------------------------------------------------------------------Edited by Thulasi Dass Subramanian