Spring Boot 3.1.5, folio-spring-base 7.2.2, Snakeyaml 2.2, Snappy 1.1.10.5

Description

Upgrade Spring Boot from 3.1.4 to 3.1.5.

Upgrade folio-spring-base from 7.2.0 to 7.2.2.

Upgrade Snakeyaml from 1.33 to 2.2 fixing vulnerabilities: https://security.snyk.io/package/maven/org.yaml:snakeyaml

Upgrade Snappy from 1.1.8.4 to 1.1.10.5 fixing vulnerabilities: https://security.snyk.io/package/maven/org.xerial.snappy:snappy-java

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Linked issues

defines

UXPROD-3948

NFR : General Spitfire Bugfixes/Tech Debt (Poppy)

SECURITY-10

CVE-2022-1471 SnakeYaml's Constructor. Analysis of modules impacted

SECURITY-19

CVE-2023-43642 snappy-java DoS. Analysis of vulnerability

has to be done before

FST-71

Release folio-service-tools v4.0.0 Quesnelia (R1 2024)

Checklist

hide

TestRail: Results

Activity

Show:

Done

Details

Assignee

Julian Ladisch

Reporter

Julian Ladisch

Labels

back-endepam-spitfire

Priority

TBD

Story Points

Sprint

None

Development Team

Spitfire

Fix versions

4.0.0

Release

Quesnelia (R1 2024)

RCA Group

Related dependency upgrade

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created November 15, 2023 at 2:53 PM

Updated March 18, 2024 at 1:57 PM

Resolved November 17, 2023 at 11:26 AM

Configure

TestRail: Cases

TestRail: Runs