Remove these versions from pom.xml so that the versions provided by spring-boot-starter-parent (https://repo1.maven.org/maven2/org/springframework/boot/spring-boot-dependencies/3.1.5/spring-boot-dependencies-3.1.5.pom) are used:
| name | pinned version | Spring Boot provided version |
| --- | --- | --- |
| postgresql.version | 42.5.4 | 42.6.0 |
| snakeyaml.version | 1.33 | 1.33 |
| hazelcast.version | 5.2.1 | 5.2.4 |
| maven-clean-plugin.version | 3.1.0 | 3.2.0 |
| maven-resources-plugin.version | 3.3.0 | 3.3.1 |
Upgrading hazelcast from 5.2.1 to 5.2.4 fixes Incorrect Permission Assignment for Critical Resource and Insufficiently Protected Credentials vulnerabilities:
Lesson learnt: Don't pin versions provided by spring-boot-starter-parent.
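
One way to catch such pins in review or CI, as an added example (not part of the original issue or the project's code): a Python check that compares the `<properties>` of a pom.xml with those of the Spring Boot BOM. Both XML strings are constructed samples using versions from the table above; `app.label` and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample: a project pom.xml that pins properties from the table.
PROJECT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><properties>
  <app.label>demo</app.label>
  <postgresql.version>42.5.4</postgresql.version>
  <snakeyaml.version>1.33</snakeyaml.version>
  <hazelcast.version>5.2.1</hazelcast.version>
</properties></project>"""

# Constructed excerpt standing in for spring-boot-dependencies-3.1.5.pom.
BOM_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><properties>
  <postgresql.version>42.6.0</postgresql.version>
  <snakeyaml.version>1.33</snakeyaml.version>
  <hazelcast.version>5.2.4</hazelcast.version>
</properties></project>"""

def properties(pom_xml):
    """Return {property name: value} from a POM's <properties> element."""
    props = ET.fromstring(pom_xml).find("m:properties", NS)
    if props is None:
        return {}
    return {el.tag.split("}", 1)[-1]: (el.text or "").strip() for el in props}

def version_key(version):
    """Compare numeric components only; qualifiers such as -RC1 are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def find_pins(project_pom, bom_pom):
    """List project properties that override a property the BOM already sets."""
    managed = properties(bom_pom)
    pins = []
    for name, pinned in sorted(properties(project_pom).items()):
        if name not in managed:
            continue  # project-specific property, not an override of the BOM
        have, want = version_key(pinned), version_key(managed[name])
        status = "downgrade" if have < want else "redundant" if have == want else "newer"
        pins.append((name, pinned, managed[name], status))
    return pins

if __name__ == "__main__":
    for pin in find_pins(PROJECT_POM, BOM_POM):
        print("%-20s pinned=%-7s provided=%-7s %s" % pin)
```

A `downgrade` entry is the case described above: the pin holds the dependency below the version the parent would otherwise supply.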