
Commit 664713e

[CHK-12730][CHK-12731] fix dependabot alerts (#277)
* [CHK-12730] fix dependabot #25 (ch.qos.logback:logback-core from 1.5.18 to 1.5.19)
* [CHK-12731] fix dependabot #24 (org.springframework:spring-core 6.2.10)
1 parent 2608bdb commit 664713e


3 files changed

+11
-9
lines changed


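--- a/build.gradle
+++ b/build.gradle
@@ -3,7 +3,7 @@ plugins {
     alias(libs.plugins.nexus.publish)
 }
 
-ext['spring-framework.version'] = '6.2.10'
+ext['spring-framework.version'] = '6.2.11'
 ext['tomcat.version'] = '11.0.10'
 ext['netty.version'] = '4.2.6.Final' // Due to security vulnerabilities in 4.125.Final and older
 
@@ -70,11 +70,11 @@ subprojects {
 
     // Security constraints
     constraints {
-        implementation("org.springframework:spring-web:6.2.10") {
-            because("versions below 6.2.8 have security vulnerabilities including CVE-2024-38820 - see dependabot #12")
+        implementation("org.springframework:spring-web:6.2.11") {
+            because("versions below 6.2.11 have security vulnerabilities including CVE-2024-38820 and CVE-2025-41249 - see dependabot #12, #24")
         }
-        implementation("org.springframework:spring-webmvc:6.2.10") {
-            because("versions below 6.2.10 have Path Traversal Vulnerability CVE-2025-41242 - see dependabot #247")
+        implementation("org.springframework:spring-webmvc:6.2.11") {
+            because("versions below 6.2.11 have security vulnerabilities including CVE-2025-41242 and CVE-2025-41249 - see dependabot #24, #247")
         }
         implementation("org.apache.tomcat.embed:tomcat-embed-core:11.0.10") {
             because("versions below 10.1.42 have security vulnerabilities including CVE-2024-56337 - see dependabot #13")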
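Review bot: The Spring Framework version is now pinned in two places that have to be bumped by hand in lockstep — `ext['spring-framework.version'] = '6.2.11'` in the first hunk and the hard-coded `6.2.11` inside the spring-web and spring-webmvc constraint strings in the second — so the next advisory can again leave the constraints lagging the property, which is what the replaced because() text ("versions below 6.2.8" against a 6.2.10 pin) shows already happened once. Consider deriving the constraint coordinates from the property, e.g. `implementation("org.springframework:spring-web:${rootProject.ext['spring-framework.version']}")` and the same for spring-webmvc, so a single edit moves both. The because() messages would then read better if phrased against the minimum fixed version for each listed CVE rather than the current pin, so they stay accurate after the next bump. The unchanged tomcat-embed-core constraint at the end of the hunk states a 10.1.42 minimum against an 11.0.10 pin; not part of this change, but it would benefit from the same treatment.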

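--- a/examples/example-spring-boot-starter-web/build.gradle
+++ b/examples/example-spring-boot-starter-web/build.gradle
@@ -6,13 +6,14 @@ plugins {
 }
 
 // Needed for security. See:
+// - https://github.com/getyourguide/openapi-validation-java/security/dependabot/25
 // - https://github.com/getyourguide/openapi-validation-java/security/dependabot/7
 // - https://github.com/getyourguide/openapi-validation-java/security/dependabot/6
 // Hopefully with spring-boot 3.4.2+ this won't be needed anymore and can be removed.
 dependencyManagement {
     dependencies {
-        dependency 'ch.qos.logback:logback-core:1.5.18'
-        dependency 'ch.qos.logback:logback-classic:1.5.18'
+        dependency 'ch.qos.logback:logback-core:1.5.19'
+        dependency 'ch.qos.logback:logback-classic:1.5.19'
     }
 }
 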
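--- a/examples/example-spring-boot-starter-webflux/build.gradle
+++ b/examples/example-spring-boot-starter-webflux/build.gradle
@@ -6,13 +6,14 @@ plugins {
 }
 
 // Needed for security. See:
+// - https://github.com/getyourguide/openapi-validation-java/security/dependabot/25
 // - https://github.com/getyourguide/openapi-validation-java/security/dependabot/7
 // - https://github.com/getyourguide/openapi-validation-java/security/dependabot/6
 // Hopefully with spring-boot 3.4.2+ this won't be needed anymore and can be removed.
 dependencyManagement {
     dependencies {
-        dependency 'ch.qos.logback:logback-core:1.5.18'
-        dependency 'ch.qos.logback:logback-classic:1.5.18'
+        dependency 'ch.qos.logback:logback-core:1.5.19'
+        dependency 'ch.qos.logback:logback-classic:1.5.19'
     }
 }
 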