[EDGCOURSES-2] Upgrade Spring Boot to >= 3.1.3

Created: 13/Sep/23
Updated: 13/Oct/23

Status: In Progress
Project: edge-courses
Components: None
Affects versions: None
Fix versions: v1.3.0

Type: Bug
Priority: P3
Reporter: Julian Ladisch
Assignee: Radhakrishnan Gopalakrishnan
Resolution: Unresolved
Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: Dreamliner
Release: Poppy (R2 2023)
RCA Group: Related dependency upgrade

Description

Please upgrade Spring Boot from 3.0.5 to >= 3.1.3.

For Poppy only 3.1.* is officially supported.

Upgrading from 3.0.5 to >= 3.1.3 fixes these vulnerabilities:

spring-expression: Allocation of Resources Without Limits or Throttling https://nvd.nist.gov/vuln/detail/CVE-2023-20863

tomcat-embed-core: Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2023-28709

tomcat-embed-core: Access Restriction Bypass https://nvd.nist.gov/vuln/detail/CVE-2023-41080

