DMC/scipro
7
0
Fork 0
Code Issues 20 Pull Requests 8 Actions Projects 1 Wiki Activity

Upgrade Spring Boot version to address many security vulnerabilities #52

Merged
tozh4728 merged 1 commits from update-spring-boot into develop 2024-12-03 10:55:29 +01:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
ansv7779 commented 2024-12-03 10:51:27 +01:00
Owner
Copy Link

Fixes #28 (CVE-2024-38809), #29 (CVE-2024-38816), and #46 (CVE-2024-38820)

Chose to stay on the 3.2 Spring Boot train despite 3.4 being out. Waiting for a more conscious to do the upgrade in case there are other changes required.

Luckily none of the preconditions of the vulnerabilities were true for SciPro so they could not be exploited.

Fixes #28 ([CVE-2024-38809](https://spring.io/security/cve-2024-38809)), #29 ([CVE-2024-38816](https://spring.io/security/cve-2024-38816)), and #46 ([CVE-2024-38820](https://spring.io/security/cve-2024-38820)) Chose to stay on the 3.2 Spring Boot train despite 3.4 being out. Waiting for a more conscious to do the upgrade in case there are other changes required. Luckily none of the preconditions of the vulnerabilities were true for SciPro so they could not be exploited.
ansv7779 added 1 commit 2024-12-03 10:51:27 +01:00
Upgrade Spring Boot version to address many security vulnerabilities
All checks were successful
Build and test / build-and-test (push) Successful in 7m8s
Details
a1dffa34db 
CVE-2024-38809, CVE-2024-38816, and CVE-2024-38820
tozh4728 approved these changes 2024-12-03 10:55:20 +01:00
tozh4728 merged commit 857f646678 into develop 2024-12-03 10:55:29 +01:00
tozh4728 deleted branch update-spring-boot 2024-12-03 10:55:30 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
tozh4728
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
new

To be discussed at the next meeting

  
question

More information is needed

  
wontfix

This won't be fixed

No Label
bug
duplicate
enhancement
help wanted
invalid
new
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: DMC/scipro#52
No description provided.
Delete Branch "update-spring-boot"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?