[90422] update spring-webflux, spring-webmvc dependencies to 6.1.15 t…

…o address CVE-2024-38819
eu-federation-gateway-service · Nov 18, 2024 · 555f66c · 555f66c
1 parent 018d1b4
commit 555f66c
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/pom.xml b/pom.xml
@@ -243,18 +243,19 @@
       <version>6.1.15</version>
     </dependency>
 
-    <!-- Explicitly set dependency of spring-webmvc, spring-webflux to 6.1.13 in order to address vulnerability CVE-2024-38816.
-     This is a temporary solution, as the spring-cloud-starter-parent 2023.0.3 depends on the vulnerable version 6.1.10.
-     TODO: remove this dependency as soon as the spring-cloud-starter-parent is updated to a future version that address the vulnerability -->
+    <!-- Explicitly set dependency of spring-webmvc, spring-webflux to 6.1.15 in order to address
+         vulnerabilities CVE-2024-38816, CVE-2024-38819. This is a temporary solution, as
+         the spring-cloud-starter-parent 2023.0.3 depends on the vulnerable version 6.1.10.
+         TODO: remove this dependency as soon as the spring-cloud-starter-parent is updated to a future version that address the vulnerability -->
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-webmvc</artifactId>
-      <version>6.1.13</version>
+      <version>6.1.15</version>
     </dependency>
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-webflux</artifactId>
-      <version>6.1.13</version>
+      <version>6.1.15</version>
     </dependency>
 
     <!-- Explicitly set dependency of various spring libraries to 6.1.15 in order