Status: Done
Assignee: Michelle Suranofsky
Reporter: Julian Ladisch
Development Team: EBSCO - FSE
Release: Poppy (R2 2023) Bug Fix
Created October 8, 2023 at 11:22 PM
Updated October 16, 2023 at 10:17 PM
Resolved October 16, 2023 at 10:17 PM
Official Spring versions: https://folio-org.atlassian.net/wiki/display/TC/Poppy#Poppy-Frameworks.1
Running

    mvn dependency:tree -Dincludes=org.springframework*

shows that org.extensiblecatalog.ncip.v2:common:3.0.0 comes with Spring Framework 5.3.22. This should be upgraded to Spring Framework 6.0.x.
The Vert.x dependency should be upgraded from 4.3.8 to 4.4.x.
These upgrades will fix several security vulnerabilities in the dependencies:
https://nvd.nist.gov/vuln/detail/CVE-2023-20860
https://nvd.nist.gov/vuln/detail/CVE-2023-20863
https://nvd.nist.gov/vuln/detail/CVE-2023-20861
https://nvd.nist.gov/vuln/detail/CVE-2023-34462
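
An added example, not part of the ticket or the module's code: a Python check that parses `mvn dependency:tree` output and reports Spring Framework and Vert.x artifacts below the versions requested above, together with the direct dependency that pulls each one in. The sample tree and its `org.example:sample-module` root are constructed for illustration.

```python
import re

# Minimum major.minor per groupId, from the ticket: Spring 6.0.x, Vert.x 4.4.x.
MINIMUMS = {"org.springframework": (6, 0), "io.vertx": (4, 4)}

# Constructed sample of `mvn dependency:tree` output, not captured from the module.
SAMPLE_TREE = """\
[INFO] org.example:sample-module:jar:1.0.0
[INFO] +- org.extensiblecatalog.ncip.v2:common:jar:3.0.0:compile
[INFO] |  +- org.springframework:spring-core:jar:5.3.22:compile
[INFO] |  \\- org.springframework:spring-context:jar:5.3.22:compile
[INFO] +- io.vertx:vertx-core:jar:4.3.8:compile
[INFO] \\- io.vertx:vertx-web:jar:4.4.6:compile
"""

# "[INFO] " + tree-drawing prefix (3 characters per level) + Maven coordinate.
LINE = re.compile(r"^\[INFO\] ([|+\\\- ]*)([\w.\-]+(?::[\w.\-]+){3,5})\s*$")


def major_minor(version):
    """Return the first two numeric components of a version, zero-padded."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:2]]
    return tuple(nums + [0] * (2 - len(nums)))


def outdated(tree_text):
    """Return (coordinate, introduced_by) pairs for artifacts below MINIMUMS."""
    findings, path = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # build banner, plugin header, summary lines
        prefix, coord = m.groups()
        depth = len(prefix) // 3
        parts = coord.split(":")
        # Root is group:artifact:type:version; dependencies add an optional
        # classifier before the version and always end with the scope.
        version = parts[3] if len(parts) == 4 else parts[-2]
        del path[depth:]  # drop siblings and deeper nodes from the current path
        path.append(f"{parts[0]}:{parts[1]}:{version}")
        minimum = MINIMUMS.get(parts[0])
        if depth and minimum and major_minor(version) < minimum:
            via = path[1] if depth > 1 else "direct dependency"
            findings.append((path[-1], via))
    return findings


if __name__ == "__main__":
    for coord, via in outdated(SAMPLE_TREE):
        print(f"OUTDATED {coord} (introduced by: {via})")
```

Exact groupId matching keeps artifacts with their own version scheme, such as `org.springframework.boot`, out of the comparison.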