From c11e6e4eaca7da05e9a491bb9bf1c554bd0749ca Mon Sep 17 00:00:00 2001
From: Panagiotis Kapralos <panagiotis.kapralos@trasys.gr>
Date: Tue, 3 Sep 2024 15:11:38 +0300
Subject: [PATCH] [80424] update spring-web dependency to 6.1.12 for addressing
 vulnerability CVE-2024-38809

---
 pom.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pom.xml b/pom.xml
index fb19969..4d1b860 100644
--- a/pom.xml
+++ b/pom.xml
@@ -234,6 +234,15 @@
       <version>${logback.version}</version>
     </dependency>
 
+    <!-- Explicitly set dependency of spring-web to 6.1.12 in order to address vulnerability CVE-2024-38809.
+         This is a temporary solution, as the spring-cloud-starter-parent 2023.0.3 depends on the vulnerable version 6.1.10.
+         TODO: remove this dependency as soon as the spring-cloud-starter-parent is updated to a future version that address the vulnerability -->
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-web</artifactId>
+      <version>6.1.12</version>
+    </dependency>
+
     <!-- Test Dependencies -->
     <dependency>
       <groupId>org.springframework.boot</groupId>