[FOLIO-3646] mod-workflow: Upgrade to spring-module-core 1.1.2 fixing vulns Created: 21/Nov/22 Updated: 23/Nov/22 Resolved: 23/Nov/22 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Bug | Priority: | TBD |
| Reporter: | Julian Ladisch | Assignee: | William Welling |
| Resolution: | Done | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Sprint: | |
| Development Team: | Other dev |
| RCA Group: | Related dependency upgrade |
| Description |
|
Upgrade org.folio:spring-module-core from 1.1.1 to 1.1.2.

The spring-module-core upgrade indirectly upgrades jackson-databind from 2.13.2.1 to 2.14.0 fixing Denial of Service (DoS):

The spring-module-core upgrade indirectly upgrades org.postgresql:postgresql from 42.3.3 to 42.5.0 fixing SQL Injection:

The spring-module-core upgrade indirectly upgrades spring-beans from 5.3.19 to 5.3.23 fixing Denial of Service (DoS):

The spring-module-core upgrade indirectly upgrades spring-data-rest-webmvc from 3.6.4 to 3.7.5 fixing Information Exposure:

The spring-module-core upgrade indirectly upgrades snakeyaml from 1.29 to 1.33 fixing Denial of Service (DoS) and Stack-based Buffer Overflow:

The spring-module-core upgrade indirectly upgrades spring-messaging from 5.3.19 to

The spring-module-core upgrade indirectly upgrades kotlin-stdlib from 1.3.50 to 1.6.21 fixing Improper Locking and Information Exposure:

The spring-module-core upgrade indirectly upgrades tomcat-embed-core from 9.0.62 to 9.0.68 fixing HTTP Request Smuggling: |