[FOLSPRINGB-46] Update mod-spring-template dependencies (CVE-2022-21724) - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: TBD
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Labels:
- security
- springway

Template:
Development Team:
Spring Force
RCA Group:
TBD

Description

Update spring-boot-starter-parent from 2.3.4.RELEASE to 2.6.4. This bumps sub-dependency org.postgresql:postgresql from 42.2.16 to 42.3.3 fixing Remote Code Execution (RCE): https://nvd.nist.gov/vuln/detail/CVE-2022-21724

Update folio-spring-base from 1.0.0 to 4.0.0.
Update openapi-generator from 4.3.1 to 5.4.0.
Update mapstruct from 1.3.1.Final to 1.4.2.Final.
Update org.json:json from 20200518 to 20211205.

Remove postgresql-embedded. It has been unmaintained for a long time and can be replaced by testcontainers: https://github.com/yandex-qatools/postgresql-embedded#embedded-postgresql-server

TestRail: Results

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Mar/22 3:20 PM

Updated:: 29/Mar/22 3:22 PM

Resolved:: 29/Mar/22 3:22 PM

Update mod-spring-template dependencies (CVE-2022-21724)