[PLUTO-804] Upgrade to Spring Security 5.8.8 and Spring Framework 5.3.30 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.1
Fix Version/s: 3.1.2
Component/s: build system
Labels:
None

Description

This issue serves as a task for upgrading to Spring Security 5.8.8 and Spring Framework 5.3.30 (which is the version of the Spring Framework that Spring Security 5.8.8 was built against).

The upgrades are necessary, because according to dependabot, the following security vulnerabilities are present in Spring Security 5.5.1:

CVE-2022-22978 Critical severity
CVE-2022-22976 Moderate severity

Also according to dependabot, the following security vulnerabilities are present in Spring Framework 5.3.19:

CVE-2022-22970 High severity
CVE-2023-20863 High severity
CVE-2022-22971 Moderate severity
CVE-2023-20861 Moderate severity
CVE-2016-1000027 Critical severity

Attachments

Activity

People

Assignee:: Neil Griffin

Reporter:: Neil Griffin

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Dec/23 02:18

Updated:: 08/Dec/23 02:20

Resolved:: 08/Dec/23 02:20