From d7b8957bb1f14d238214c3a6d7c5d406aaee3ab6 Mon Sep 17 00:00:00 2001
From: Vlado Kragujevski <50583818+vladokrsymphony@users.noreply.github.com>
Date: Fri, 18 Oct 2024 15:53:33 +0200
Subject: [PATCH 1/2] CVE-2024-30172: fix security vulnerability
---
 symphony-bdk-bom/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/symphony-bdk-bom/build.gradle b/symphony-bdk-bom/build.gradle
index c56b3fbc1..784394fb7 100644
--- a/symphony-bdk-bom/build.gradle
+++ b/symphony-bdk-bom/build.gradle
@@ -56,7 +56,7 @@ dependencies {
 api 'commons-logging:commons-logging:1.3.0'
 api 'com.brsanthu:migbase64:2.2'
 api 'io.jsonwebtoken:jjwt:0.9.1'
- api 'org.bouncycastle:bcpkix-jdk18on:1.77'
+ api 'org.bouncycastle:bcpkix-jdk18on:1.78'
 api 'com.google.code.findbugs:jsr305:3.0.2'
 api 'io.github.resilience4j:resilience4j-retry:2.2.0'
From 7adb575c5a88d8e53c0202ac9746896bb5ad9f91 Mon Sep 17 00:00:00 2001
From: Vlado Kragujevski <50583818+vladokrsymphony@users.noreply.github.com>
Date: Fri, 18 Oct 2024 16:17:27 +0200
Subject: [PATCH 2/2] update spring version to latest
---
 symphony-bdk-bom/build.gradle | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/symphony-bdk-bom/build.gradle b/symphony-bdk-bom/build.gradle
index 784394fb7..aa985ca03 100644
--- a/symphony-bdk-bom/build.gradle
+++ b/symphony-bdk-bom/build.gradle
@@ -16,13 +16,13 @@ repositories {
 dependencies {
 // import Spring Boot's BOM
- api platform('org.springframework.boot:spring-boot-dependencies:3.2.4')
+ api platform('org.springframework.boot:spring-boot-dependencies:3.3.4')
 // import Jackson's BOM
- api platform('com.fasterxml.jackson:jackson-bom:2.16.0')
+ api platform('com.fasterxml.jackson:jackson-bom:2.18.0')
 // import Jersey's BOM
- api platform('org.glassfish.jersey:jersey-bom:3.1.5')
+ api platform('org.glassfish.jersey:jersey-bom:3.1.9')
 // import Log4j's BOM
- api platform('org.apache.logging.log4j:log4j-bom:2.22.0')
+ api platform('org.apache.logging.log4j:log4j-bom:2.24.1')
 // define all our dependencies versions
 constraints {
@@ -48,12 +48,12 @@ dependencies {
 api 'org.slf4j:slf4j-api:2.0.9'
 api 'org.slf4j:slf4j-log4j12:2.0.9'
- api 'commons-io:commons-io:2.15.1'
- api 'commons-codec:commons-codec:1.16.0'
+ api 'commons-io:commons-io:2.17.0'
+ api 'commons-codec:commons-codec:1.17.1'
 api 'commons-beanutils:commons-beanutils:1.9.4'
- api 'org.apache.commons:commons-lang3:3.14.0'
- api 'org.apache.commons:commons-text:1.11.0'
- api 'commons-logging:commons-logging:1.3.0'
+ api 'org.apache.commons:commons-lang3:3.17.0'
+ api 'org.apache.commons:commons-text:1.12.0'
+ api 'commons-logging:commons-logging:1.3.4'
 api 'com.brsanthu:migbase64:2.2'
 api 'io.jsonwebtoken:jjwt:0.9.1'
 api 'org.bouncycastle:bcpkix-jdk18on:1.78'
@@ -66,7 +66,7 @@ dependencies {
 api 'org.projectreactor:reactor-spring:1.0.1.RELEASE'
- api 'org.freemarker:freemarker:2.3.32'
+ api 'org.freemarker:freemarker:2.3.33'
 api 'com.github.jknack:handlebars:4.3.1'
 api 'org.reflections:reflections:0.10.2'