Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE #2875

Merged
merged 1 commit into from
Mar 24, 2023
Merged

Fix CVE #2875

merged 1 commit into from
Mar 24, 2023

Conversation

sbrunner
Copy link
Member 

Upgrade org.springframework:spring-context@5.3.20 to org.springframework:spring-context@5.3.26 to fix
✗ Allocation of Resources Without Limits or Throttling (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749] in org.springframework:spring-expression@5.3.20
  introduced by org.springframework:spring-webmvc@5.2.22.RELEASE > org.springframework:spring-expression@5.3.20 and 3 other path(s)

Upgrade org.springframework:spring-webmvc@5.2.22.RELEASE to org.springframework:spring-webmvc@5.3.26 to fix
✗ Allocation of Resources Without Limits or Throttling (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749] in org.springframework:spring-expression@5.3.20
  introduced by org.springframework:spring-webmvc@5.2.22.RELEASE > org.springframework:spring-expression@5.3.20 and 3 other path(s)

@sbrunner sbrunner added backport 3.28 Backport the pull request to the '3.28' branch backport 3.29 Backport the pull request to the '3.29' branch backport 3.30 Backport the pull request to the '3.30' branch labels Mar 24, 2023
@github-advanced-security
Copy link

You have successfully added a new SonarCloud configuration ``. As part of the setup process, we have scanned this repository and found no existing alerts. In the future, you will see all code scanning alerts on the repository Security tab.

@sbrunner sbrunner force-pushed the audit327 branch 4 times, most recently from 17fe23b to e2cae38 Compare March 24, 2023 15:42
@sbrunner
Fix CVE
e687ef1 
    Upgrade org.springframework:spring-context@5.3.20 to org.springframework:spring-context@5.3.26 to fix
    ✗ Allocation of Resources Without Limits or Throttling (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749] in org.springframework:spring-expression@5.3.20
      introduced by org.springframework:spring-webmvc@5.2.22.RELEASE > org.springframework:spring-expression@5.3.20 and 3 other path(s)

    Upgrade org.springframework:spring-webmvc@5.2.22.RELEASE to org.springframework:spring-webmvc@5.3.26 to fix
    ✗ Allocation of Resources Without Limits or Throttling (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749] in org.springframework:spring-expression@5.3.20
      introduced by org.springframework:spring-webmvc@5.2.22.RELEASE > org.springframework:spring-expression@5.3.20 and 3 other path(s)
@sbrunner sbrunner marked this pull request as ready for review March 24, 2023 16:12
@sbrunner sbrunner merged commit 2fa5b6c into 3.27 Mar 24, 2023
@sbrunner sbrunner deleted the audit327 branch March 24, 2023 16:12
@c2c-bot-gis-ci c2c-bot-gis-ci mentioned this pull request Mar 24, 2023
Merged
@c2c-bot-gis-ci c2c-bot-gis-ci removed the backport 3.28 Backport the pull request to the '3.28' branch label Mar 24, 2023
@c2c-bot-gis-ci c2c-bot-gis-ci mentioned this pull request Mar 24, 2023
Merged
@c2c-bot-gis-ci c2c-bot-gis-ci removed the backport 3.29 Backport the pull request to the '3.29' branch label Mar 24, 2023
@c2c-bot-gis-ci c2c-bot-gis-ci mentioned this pull request Mar 24, 2023
Merged
@c2c-bot-gis-ci c2c-bot-gis-ci removed the backport 3.30 Backport the pull request to the '3.30' branch label Mar 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sbrunner @c2c-bot-gis-ci