[MODCITEM-16] Upgrade to folio-spring-base 7.2.2, bcprov-jdk18on:jar 1.73
Created: 27/Nov/23  Updated: 07/Dec/23  Resolved: 07/Dec/23

Status: Closed
Project: mod-circulation-item
Components: None
Affects versions: None
Fix versions: None

Type: Bug
Priority: P2
Reporter: Julian Ladisch
Assignee: Julian Ladisch
Resolution: Done
Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: Volaris
Release: Quesnelia (R1 2024)
RCA Group: Related dependency upgrade

 Description   

Upgrade folio-spring-base from 7.2.0 to 7.2.2.

This indirectly upgrades bcprov-jdk15on@1.69 to bcprov-jdk18on:jar:1.73, fixing an out-of-memory (OOM) denial of service (DoS):
https://github.com/bcgit/bc-java/wiki/CVE-2023-33202



 Comments   
Comment by Julian Ladisch [ 27/Nov/23 ]

Pull request for code review: https://github.com/folio-org/mod-circulation-item/pull/14

Comment by Julian Ladisch [ 27/Nov/23 ]

The Volaris team needs to merge the pull request because I don't have write access for this repository.
