[EDGCOURSES-2] Upgrade Spring Boot to >= 3.1.3
Created: 13/Sep/23 Updated: 13/Oct/23
| Status: | In Progress |
| Project: | edge-courses |
| Components: | None |
| Affects versions: | None |
| Fix versions: | v1.3.0 |
| Type: | Bug | Priority: | P3 |
| Reporter: | Julian Ladisch | Assignee: | Radhakrishnan Gopalakrishnan |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | security, security-reviewed |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Sprint: | |
| Development Team: | Dreamliner |
| Release: | Poppy (R2 2023) |
| RCA Group: | Related dependency upgrade |
| Description |
Please upgrade Spring Boot from 3.0.5 to >= 3.1.3. For Poppy only 3.1.* is officially supported.

Upgrading from 3.0.5 to >= 3.1.3 fixes these vulnerabilities:

spring-expression: Allocation of Resources Without Limits or Throttling https://nvd.nist.gov/vuln/detail/CVE-2023-20863
tomcat-embed-core: Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2023-28709
tomcat-embed-core: Access Restriction Bypass https://nvd.nist.gov/vuln/detail/CVE-2023-41080