[FOLIO-3724] spring-module-core: Spring Boot 2.7.9, PostgreSQL 42.5.4
Created: 24/Feb/23  Updated: 06/Apr/23  Resolved: 27/Feb/23

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Bug
Priority: TBD
Reporter: Julian Ladisch
Assignee: Unassigned
Resolution: Done
Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-3737 mod-workflow: Upgrade to spring-modul... Closed
Sprint:
Development Team: Spring Force
Release: Orchid (R1 2023) Bug Fix
RCA Group: Related dependency upgrade

 Description   

Upgrade
https://github.com/folio-org/spring-module-core/blob/v1.1.3/pom.xml

Upgrade Spring Boot from 2.7.5 to 2.7.9. This indirectly upgrades tomcat-embed-core from 9.0.68 to 9.0.71 fixing Denial of Service (DoS) and Improper Input Validation:

https://nvd.nist.gov/vuln/detail/CVE-2023-24998
https://nvd.nist.gov/vuln/detail/CVE-2022-45143

Also upgrade the JDBC PostgreSQL client from 42.5.1 to 42.5.4 to make sure the socket is closed if an exception is thrown in createSocket.

https://jdbc.postgresql.org/changelogs/2023-01-31-42.5.2-release/
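
Because tomcat-embed-core is pulled in transitively, the version that matters is the one Maven resolves, not the one written in pom.xml. The following check is an added example, not code from the ticket or from spring-module-core: it parses `mvn dependency:tree` output and reports artifacts resolved below the versions named above. The sample tree and the `com.example:demo` coordinate are constructed placeholders.

```python
import re

# Floors taken from the ticket text above.
MINIMUMS = {
    "org.springframework.boot:spring-boot": (2, 7, 9),
    "org.apache.tomcat.embed:tomcat-embed-core": (9, 0, 71),
    "org.postgresql:postgresql": (42, 5, 4),
}

# Constructed sample of `mvn dependency:tree` output (placeholder project).
SAMPLE_TREE = """\
[INFO] com.example:demo:jar:0.0.1
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.7.5:compile
[INFO] |  +- org.springframework.boot:spring-boot:jar:2.7.5:compile
[INFO] |  \\- org.springframework.boot:spring-boot-starter-tomcat:jar:2.7.5:compile
[INFO] |     \\- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.68:compile
[INFO] \\- org.postgresql:postgresql:jar:42.5.4:runtime
"""

# A Maven coordinate at the end of a tree line: 4 to 6 colon-separated parts.
COORD = re.compile(r"([\w.\-]+(?::[\w.\-]+){3,5})\s*$")

def parse_version(text):
    """Leading numeric components of a version string as a tuple of ints."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def resolved_versions(tree_text):
    """Map 'group:artifact' to the version string Maven resolved."""
    found = {}
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        parts = m.group(1).split(":")
        # g:a:type:version[:scope] or g:a:type:classifier:version:scope
        version = parts[4] if len(parts) == 6 else parts[3]
        found[f"{parts[0]}:{parts[1]}"] = version
    return found

def below_minimum(tree_text, minimums=MINIMUMS):
    """Return {coordinate: resolved_version} for artifacts older than the floor."""
    found = resolved_versions(tree_text)
    return {ga: found[ga] for ga, floor in minimums.items()
            if ga in found and parse_version(found[ga]) < floor}

if __name__ == "__main__":
    for ga, version in below_minimum(SAMPLE_TREE).items():
        print(f"{ga} resolved to {version}, below required minimum")
```
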



 Comments   
Comment by Julian Ladisch [ 27/Feb/23 ]

Jeremy Huff, William Welling: Can you code review https://github.com/folio-org/spring-module-core/pull/42 ? Thanks!

Comment by William Welling [ 27/Feb/23 ]

Julian Ladisch approved. Thanks for the PR.

Comment by Julian Ladisch [ 27/Feb/23 ]

Who is going to release v1.1.4?

Generated at Thu Feb 08 23:30:14 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.