Done
Details
Details
Assignee
Vignesh Kalyanasundaram
Vignesh KalyanasundaramReporter
Vignesh Kalyanasundaram
Vignesh KalyanasundaramLabels
Priority
TBDSprint
None
Development Team
Volaris
Fix versions
Release
Poppy (R2 2023)
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs
Created October 10, 2023 at 1:30 PM
Updated October 12, 2023 at 2:58 PM
Resolved October 12, 2023 at 7:17 AM
Upgrade spring-boot-starter-parent from 3.0.1 to >= 3.1.4.
See official Spring versions for Poppy: https://folio-org.atlassian.net/wiki/display/TC/Poppy#Poppy-Frameworks.1
The Spring upgrades fix several security vulnerabilities in the dependencies:
https://nvd.nist.gov/vuln/detail/CVE-2023-20873
https://nvd.nist.gov/vuln/detail/CVE-2023-20860
https://nvd.nist.gov/vuln/detail/CVE-2023-20883
https://nvd.nist.gov/vuln/detail/CVE-2023-3635
https://nvd.nist.gov/vuln/detail/CVE-2023-41080
https://nvd.nist.gov/vuln/detail/CVE-2023-20863
https://nvd.nist.gov/vuln/detail/CVE-2023-28709
https://nvd.nist.gov/vuln/detail/CVE-2023-28708
https://nvd.nist.gov/vuln/detail/CVE-2023-20861
https://nvd.nist.gov/vuln/detail/CVE-2023-2976