Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade spring to 5.3.37 #5048

Closed
barthanssens opened this issue Jun 23, 2024 · 0 comments · Fixed by #5049
Closed

Upgrade spring to 5.3.37 #5048

barthanssens opened this issue Jun 23, 2024 · 0 comments · Fixed by #5049
Assignees
@barthanssens
Labels
🐞 bug issue is a bug dependencies Pull requests that update a dependency file security
Milestone
5.0.1

Comments

@barthanssens
Copy link
Contributor

Current Behavior

Congrats on releasing 5.0 ;-)

I've noticed, when releasing the docker workbench image, there are a few vulnerabilities in spring framework itself (which may or may not affect RDF4J workbench)

Expected Behavior

Upgrading to the latest (patch) release of spring should fix most (but probably not all) reported CVEs for spring dependencies

Steps To Reproduce

No response

Version

5.0.0

Are you interested in contributing a solution yourself?

Yes

Anything else?

No response
@barthanssens barthanssens added 🐞 bug issue is a bug security dependencies Pull requests that update a dependency file labels Jun 23, 2024
@barthanssens barthanssens self-assigned this Jun 23, 2024
barthanssens pushed a commit to Fedict/rdf4j that referenced this issue Jun 23, 2024
eclipse-rdf4jGH-5048: updated spring dependency to fix CVEs
d30ae4b 
Signed-off-by: Bart Hanssens <bart.hanssens@bosa.fov.be>
@barthanssens barthanssens mentioned this issue Jun 23, 2024
Merged
5 tasks
@barthanssens barthanssens added this to the 5.0.1 milestone Jun 23, 2024
barthanssens pushed a commit to Fedict/rdf4j that referenced this issue Jun 23, 2024
@barthanssens
eclipse-rdf4jGH-5048: updated spring dependency to fix CVEs
8bcd5eb 
Signed-off-by: Bart Hanssens <bart.hanssens@bosa.fov.be>
barthanssens pushed a commit to Fedict/rdf4j that referenced this issue Jun 23, 2024
@barthanssens
eclipse-rdf4jGH-5048: updated spring dependency to fix CVEs
875ffd0 
Signed-off-by: Bart Hanssens <bart.hanssens@bosa.fgov.be>
barthanssens added a commit to Fedict/rdf4j that referenced this issue Jun 23, 2024
@barthanssens
eclipse-rdf4jGH-5048: updated spring dependency to fix CVEs
5a6b5f2 
Signed-off-by: Bart Hanssens <bart.hanssens@bosa.fgov.be>
hmottestad added a commit that referenced this issue Jul 9, 2024
@hmottestad
GH-5048: updated spring dependency to fix CVEs (#5049)
ae61579
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@barthanssens barthanssens

Labels
🐞 bug issue is a bug dependencies Pull requests that update a dependency file security
Projects
None yet
Milestone
5.0.1
Development

Successfully merging a pull request may close this issue.

GH-5048: updated spring dependency to fix CVEs Fedict/rdf4j
1 participant
@barthanssens