|
Upgrade Spring Boot from 3.1.4 to 3.1.5.
The Spring Boot upgrade indirectly upgrades tomcat-embed-core from 10.1.13 to 10.1.15, fixing Denial of Service (DoS), Improper Input Validation and Incomplete Cleanup: https://nvd.nist.gov/vuln/detail/CVE-2023-44487, https://nvd.nist.gov/vuln/detail/CVE-2023-45648, https://nvd.nist.gov/vuln/detail/CVE-2023-42795
Upgrade spring-kafka from 3.0.11 to 3.1.0 and, correspondingly, kafka from 3.4.1 to 3.6.0.
The kafka upgrade indirectly upgrades snappy-java from 1.1.8.4 to 1.1.10.4 fixing four denial of service (DoS) and out of memory (OOM) issues: https://security.snyk.io/package/maven/org.xerial.snappy:snappy-java
Upgrade hazelcast from 5.2.1 to 5.3.6, fixing Incorrect Permission Assignment for Critical Resource and Insufficiently Protected Credentials: https://nvd.nist.gov/vuln/detail/CVE-2023-33265, https://nvd.nist.gov/vuln/detail/CVE-2023-33264
|