Spring 5.3, kafkaclients 3.2.3, folio-di-support 1.7.0

Description

Upgrade kafkaclients from 3.1.0 to 3.2.3 fixing Memory Allocation with Excessive Size Value:
https://nvd.nist.gov/vuln/detail/CVE-2022-34917

Upgrade kafka-junit from 3.1.0 to 3.2.2 to match the kafkaclients version.

Remove unused httpclient. This indirectly removes commons-codec 1.11, which has an Information Exposure vulnerability:
https://app.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518

Remove JUnitParams from runtime, use for test only. This indirectly removes junit 4.12 from runtime that has an Information Exposure vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2020-15250

Upgrade springframework from 5.2.8.RELEASE to 5.3.22. Note that open source Spring 5.2.* has reached its end of life and has been out of support since 2021-12-31: https://spring.io/projects/spring-framework#support

Remove unused spring-beans 5.2.8.RELEASE dependency that has the Spring4Shell Remote Code Execution vulnerability (FOLIO-3466):
https://nvd.nist.gov/vuln/detail/CVE-2022-22965

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None


Details

Development Team

Folijet

Release

Nolana (R3 2022) Bug Fix

RCA Group

Related dependency upgrade

Created November 1, 2022 at 11:57 PM
Updated December 20, 2022 at 10:59 AM
Resolved November 2, 2022 at 4:22 PM