Override spring-security-oauth2-client and h2 dependency versions to fix latest cve findings (#1419)
Signed-off-by: Stanislav Trailov <Stanislav.Trailov@bosch.io>
committed by
GitHub
parent
acff82f60f
commit
080075d44e
11
pom.xml
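--- a/pom.xml
+++ b/pom.xml
@@ -135,6 +135,8 @@
 <spring.boot.version>2.7.14</spring.boot.version>
 <spring.cloud.version>2021.0.5</spring.cloud.version>
 <spring.plugin.core.version>2.0.0.RELEASE</spring.plugin.core.version>
+<!-- CVE-2022-31690 Remove after Spring 3.0.0 migration-->
+<spring.security.oauth2.client.version>5.7.10</spring.security.oauth2.client.version>
 
 <!-- Spring boot version overrides (should be reviewed with every boot upgrade) - START -->
 <!-- Newer versions needed than defined in Boot -->
@@ -143,6 +145,9 @@
 <snakeyaml.version>1.33</snakeyaml.version>
 <!-- Spring boot version overrides - END -->
 
+<!-- CVE-2022-45868 -->
+<h2.version>2.2.220</h2.version>
+
 <rabbitmq.http-client.version>5.0.0</rabbitmq.http-client.version>
 
 <!-- Eclipselink - START -->
@@ -835,6 +840,12 @@
 <artifactId>spring-plugin-core</artifactId>
 <version>${spring.plugin.core.version}</version>
 </dependency>
+<!-- CVE-2022-31690 Remove after Spring 3.0.0 migration-->
+<dependency>
+<groupId>org.springframework.security</groupId>
+<artifactId>spring-security-oauth2-client</artifactId>
+<version>${spring.security.oauth2.client.version}</version>
+</dependency>
 
 <!-- Protostuff Io -->
 <dependency>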
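Review bot: The two new version properties sit outside the `Spring boot version overrides ... START`/`END` block, so the pins for `spring.security.oauth2.client.version` and `h2.version` are not covered by that block's "should be reviewed with every boot upgrade" reminder. A fixed 5.7.10 for spring-security-oauth2-client alone could fall behind, or out of step with, the other Spring Security modules once `spring.boot.version` is raised, which could quietly undo the CVE-2022-31690 fix. The same concern applies to the `<dependency>` entry added in the third hunk, whose enclosing section begins outside the visible lines. I would move both properties inside the override block and give the H2 pin a removal condition like the other one has, e.g. `<!-- CVE-2022-45868: remove once the Boot-managed h2 version is >= 2.2.220 -->`.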