Skip to content

Commit

Permalink
[90419] update spring-security-web dependency to 6.2.7 to address CVE…
Browse files Browse the repository at this point in the history 
…-2024-38821
  • Loading branch information
@Panagiotis-Kapralos-ECDC
Panagiotis-Kapralos-ECDC committed Nov 18, 2024
1 parent 2fa229d commit 018d1b4
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -204,14 +204,13 @@
<artifactId>bcpkix-jdk18on</artifactId>
<version>${bcpkix.version}</version>
</dependency>
<!-- <dependency>-->
<!-- <groupId>org.projectreactor</groupId>-->
<!-- <artifactId>reactor-spring</artifactId>-->
<!-- <version>${reactor.version}</version>-->
<!-- </dependency>-->
<!-- Explicitly set dependency of spring-security-web to 6.2.7 in order
to address vulnerability CVE-2024-38821
TODO: remove this dependency version as soon as the spring-cloud-starter-parent is updated to a future version that address the vulnerability -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>6.2.7</version>
</dependency>
<dependency>
<groupId>net.javacrumbs.shedlock</groupId>
Expand Down

0 comments on commit 018d1b4

Please sign in to comment.