Upgraded Spring WebMVC version. (!946) · Merge requests · OSDU Software / OSDU Data Platform / System / Storage · GitLab

Derek Hudson requested to merge aws-cve-fixes into master Oct 01, 2024

Type of change

Bug Fix
Feature

Please provide link to gitlab issue or ADR(Architecture Decision Record)

Does this introduce a change in the core logic?

[YES]

Does this introduce a change in the cloud provider implementation, if so which cloud?

AWS
Azure
GCP
IBM

Does this introduce a breaking change?

[NO]

What is the current behavior?

Currently there is the CVE-2024-38816 vulnerability in the Spring WebMVC.

What is the new/expected behavior?

Upgraded Spring WebMVC to 6.1.13 which removes that vulnerability.

Have you added/updated Unit Tests and Integration Tests?

N/A

Any other useful information