[FOLIO-3724] spring-module-core: Spring Boot 2.7.9, PostgreSQL 42.5.4 Created: 24/Feb/23 Updated: 06/Apr/23 Resolved: 27/Feb/23 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Bug | Priority: | TBD |
| Reporter: | Julian Ladisch | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | security |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Issue links: | |
| Sprint: | |
| Development Team: | Spring Force |
| Release: | Orchid (R1 2023) Bug Fix |
| RCA Group: | Related dependency upgrade |
| Description |
|
Upgrade Spring Boot from 2.7.5 to 2.7.9. This indirectly upgrades tomcat-embed-core from 9.0.68 to 9.0.71, fixing Denial of Service (DoS) and Improper Input Validation: https://nvd.nist.gov/vuln/detail/CVE-2023-24998

Also upgrade the JDBC PostgreSQL client from 42.5.1 to 42.5.4 to make sure the socket is closed if an exception is thrown in createSocket. https://jdbc.postgresql.org/changelogs/2023-01-31-42.5.2-release/ |
| Comments |
| Comment by Julian Ladisch [ 27/Feb/23 ] |
|
Jeremy Huff, William Welling: Can you code review https://github.com/folio-org/spring-module-core/pull/42 ? Thanks! |
| Comment by William Welling [ 27/Feb/23 ] |
|
Julian Ladisch approved. Thanks for the PR. |
| Comment by Julian Ladisch [ 27/Feb/23 ] |
|
Who is going to release v1.1.4? |