Fix CVE 2023-1370 (#1521)

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2023-12-15 17:04:48 +02:00
committed by GitHub
parent afd9f24d71
commit b2d7e007a6

10
pom.xml
View File

@@ -162,8 +162,6 @@
<spring.boot.version>2.7.18</spring.boot.version> <spring.boot.version>2.7.18</spring.boot.version>
<spring.cloud.version>2021.0.8</spring.cloud.version> <spring.cloud.version>2021.0.8</spring.cloud.version>
<spring.plugin.core.version>2.0.0.RELEASE</spring.plugin.core.version> <spring.plugin.core.version>2.0.0.RELEASE</spring.plugin.core.version>
<!-- CVE-2022-31690 Remove after Spring 3.0.0 migration-->
<spring.security.oauth2.client.version>5.7.11</spring.security.oauth2.client.version>
<!-- Swagger Support --> <!-- Swagger Support -->
<springdoc-openapi.version>1.7.0</springdoc-openapi.version> <springdoc-openapi.version>1.7.0</springdoc-openapi.version>
@@ -853,11 +851,13 @@
<artifactId>spring-plugin-core</artifactId> <artifactId>spring-plugin-core</artifactId>
<version>${spring.plugin.core.version}</version> <version>${spring.plugin.core.version}</version>
</dependency> </dependency>
<!-- CVE-2022-31690 Remove after Spring 3.0.0 migration-->
<!-- CVE-2023-1370 Remove after Spring 3.0.0 migration -->
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId> <artifactId>spring-security-oauth2-jose</artifactId>
<version>${spring.security.oauth2.client.version}</version> <version>5.8.8</version>
<scope>compile</scope>
</dependency> </dependency>
<!-- Swagger Support --> <!-- Swagger Support -->