search

DimaMend / gradle-hostrules-gh-package

Apache License 2.0
0 stars 5 forks source link

Update dependency org.springframework.boot:spring-boot-starter-log4j2 to v2.6.3 - autoclosed #4

Closed mend-for-github-com[bot] closed 8 months ago

mend-for-github-com[bot] commented 8 months ago

This PR contains the following updates:

Package Type Update Change
org.springframework.boot:spring-boot-starter-log4j2 (source) dependencies patch 2.6.1 -> 2.6.3

By merging this PR, the issue #1 will be automatically resolved and closed:

Severity CVSS Score CVE
Critical Critical 10.0 CVE-2021-44228
Critical Critical 9.0 CVE-2021-45046
Medium Medium 6.6 CVE-2021-44832
Medium Medium 5.9 CVE-2021-45105

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-log4j2) ### [`v2.6.3`](https://togithub.com/spring-projects/spring-boot/releases/tag/v2.6.3) #### :lady_beetle: Bug Fixes - 'spring.config.import' placeholders can resolve from profile-specific documents when they should fail [#​29459](https://togithub.com/spring-projects/spring-boot/issues/29459) - Warning from AprLifecycleListener when using Tomcat Native and Tomcat 9.0.55 or later [#​29454](https://togithub.com/spring-projects/spring-boot/issues/29454) - ConfigurationPropertySources.attach will always reattach when called multiple times [#​29410](https://togithub.com/spring-projects/spring-boot/issues/29410) - `@SpringBootTest` does not use spring.main.web-application-type properties declared in test resource files [#​29374](https://togithub.com/spring-projects/spring-boot/issues/29374) - Embedded launch script fails if jar is owned by an unknown user [#​29371](https://togithub.com/spring-projects/spring-boot/issues/29371) - ResponseStatusException no longer returning response body in 2.6.2 using Spring Security when application has a custom context path [#​29299](https://togithub.com/spring-projects/spring-boot/issues/29299) - Maven repackaging of a jar with a deeply nested package is prohibitively slow [#​29268](https://togithub.com/spring-projects/spring-boot/issues/29268) - Health contributor exclusion rules aren't applied to child contributors [#​29251](https://togithub.com/spring-projects/spring-boot/issues/29251) - Default value for management.info.env.enabled is outdated [#​29187](https://togithub.com/spring-projects/spring-boot/pull/29187) #### :notebook_with_decorative_cover: Documentation - Refer to Maven Resolver rather than Aether [#​29480](https://togithub.com/spring-projects/spring-boot/issues/29480) - Clarify documentation for RestTemplate customization [#​29401](https://togithub.com/spring-projects/spring-boot/issues/29401) - Learning About Spring Boot Features has "logging" link twice [#​29380](https://togithub.com/spring-projects/spring-boot/pull/29380) #### :hammer: Dependency Upgrades - Update to Spring Kafka 2.8.2 [#​29319](https://togithub.com/spring-projects/spring-boot/issues/29319) - Upgrade to Hibernate 5.6.4.Final [#​29497](https://togithub.com/spring-projects/spring-boot/issues/29497) - Upgrade to HttpCore5 5.1.3 [#​29343](https://togithub.com/spring-projects/spring-boot/issues/29343) - Upgrade to Infinispan 12.1.11.Final [#​29344](https://togithub.com/spring-projects/spring-boot/issues/29344) - Upgrade to Jaybird 4.0.5.java8 [#​29345](https://togithub.com/spring-projects/spring-boot/issues/29345) - Upgrade to JBoss Logging 3.4.3.Final [#​29346](https://togithub.com/spring-projects/spring-boot/issues/29346) - Upgrade to Lettuce 6.1.6.RELEASE [#​29347](https://togithub.com/spring-projects/spring-boot/issues/29347) - Upgrade to Log4j2 2.17.1 [#​29184](https://togithub.com/spring-projects/spring-boot/issues/29184) - Upgrade to Logback 1.2.10 [#​29348](https://togithub.com/spring-projects/spring-boot/issues/29348) - Upgrade to MariaDB 2.7.5 [#​29498](https://togithub.com/spring-projects/spring-boot/issues/29498) - Upgrade to Maven Jar Plugin 3.2.2 [#​29349](https://togithub.com/spring-projects/spring-boot/issues/29349) - Upgrade to Micrometer 1.8.2 [#​29316](https://togithub.com/spring-projects/spring-boot/issues/29316) - Upgrade to MongoDB 4.4.1 [#​29350](https://togithub.com/spring-projects/spring-boot/issues/29350) - Upgrade to MySQL 8.0.28 [#​29467](https://togithub.com/spring-projects/spring-boot/issues/29467) - Upgrade to Neo4j Java Driver 4.4.2 [#​29398](https://togithub.com/spring-projects/spring-boot/issues/29398) - Upgrade to Netty 4.1.73.Final [#​29351](https://togithub.com/spring-projects/spring-boot/issues/29351) - Upgrade to Netty tcNative 2.0.47.Final [#​29395](https://togithub.com/spring-projects/spring-boot/issues/29395) - Upgrade to Pooled JMS 1.2.3 [#​29468](https://togithub.com/spring-projects/spring-boot/issues/29468) - Upgrade to R2DBC Bom Arabba-SR12 [#​29396](https://togithub.com/spring-projects/spring-boot/issues/29396) - Upgrade to Reactor 2020.0.15 [#​29315](https://togithub.com/spring-projects/spring-boot/issues/29315) - Upgrade to SLF4J 1.7.33 [#​29397](https://togithub.com/spring-projects/spring-boot/issues/29397) - Upgrade to Spring AMQP 2.4.2 [#​29318](https://togithub.com/spring-projects/spring-boot/issues/29318) - Upgrade to Spring Data 2021.1.1 [#​29317](https://togithub.com/spring-projects/spring-boot/issues/29317) - Upgrade to Spring Framework 5.3.15 [#​29327](https://togithub.com/spring-projects/spring-boot/issues/29327) - Upgrade to Spring HATEOAS 1.4.1 [#​29283](https://togithub.com/spring-projects/spring-boot/issues/29283) - Upgrade to Spring Integration 5.5.8 [#​29320](https://togithub.com/spring-projects/spring-boot/issues/29320) - Upgrade to Spring REST Docs 2.0.6.RELEASE [#​29322](https://togithub.com/spring-projects/spring-boot/issues/29322) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@​izeye](https://togithub.com/izeye) - [@​dreis2211](https://togithub.com/dreis2211) - [@​Omkar-Shetkar](https://togithub.com/Omkar-Shetkar) - [@​jprinet](https://togithub.com/jprinet) ### [`v2.6.2`](https://togithub.com/spring-projects/spring-boot/releases/tag/v2.6.2) #### :lady_beetle: Bug Fixes - The getter and setter that's used during configuration property binding varies when a getter or setter has been overridden to use a subclass of the property's type [#​29143](https://togithub.com/spring-projects/spring-boot/issues/29143) - DatabaseInitializationDependencyConfigurer triggers eager initialization of factory beans [#​29103](https://togithub.com/spring-projects/spring-boot/issues/29103) - Spring boot 2.6.0 Quartz mysql/mariadb tables are not created [#​29095](https://togithub.com/spring-projects/spring-boot/issues/29095) - Platform used for Quartz, Session, Integration, and Batch schema initialization cannot be configured [#​29002](https://togithub.com/spring-projects/spring-boot/issues/29002) - App fails to start when it depends on thymeleaf-extras-springsecurity5 but does not have Spring Security on the classpath [#​28979](https://togithub.com/spring-projects/spring-boot/issues/28979) - ResponseStatusException no longer returning response body in 2.6.1 using spring security [#​28953](https://togithub.com/spring-projects/spring-boot/issues/28953) - DataSourceScriptDatabaseInitializer may still try to access the database even though its initialization mode is never [#​28931](https://togithub.com/spring-projects/spring-boot/issues/28931) - Hibernate validation messages broken in spring boot 2.6.1 when setUseCodeAsDefaultMessage set to true [#​28930](https://togithub.com/spring-projects/spring-boot/issues/28930) - Image buildpack references without tag do not default to latest version [#​28922](https://togithub.com/spring-projects/spring-boot/issues/28922) - Invalid classpath index manifest attribute in war files built with Maven [#​28904](https://togithub.com/spring-projects/spring-boot/issues/28904) - AbstractMethodError in org.springframework.boot.web.servlet.filter.ErrorPageSecurityFilter when deployed to a Servlet 3.1-compatible container [#​28902](https://togithub.com/spring-projects/spring-boot/pull/28902) - Setting cache time-to-live for the health endpoint has no effect [#​28882](https://togithub.com/spring-projects/spring-boot/issues/28882) - server.servlet.session.cookie.same-site isn't applied to Spring Session's SESSION cookie [#​28784](https://togithub.com/spring-projects/spring-boot/pull/28784) #### :notebook_with_decorative_cover: Documentation - 2.5.x snapshot documentation links to source code on the main branch [#​29141](https://togithub.com/spring-projects/spring-boot/issues/29141) - Document that using DevTools with a remote application is not supported with WebFlux [#​29138](https://togithub.com/spring-projects/spring-boot/issues/29138) - Polish Creating Your Own Auto-configuration section in Core Features reference doc [#​29133](https://togithub.com/spring-projects/spring-boot/issues/29133) - Polish CacheManager customization section in reference doc [#​29098](https://togithub.com/spring-projects/spring-boot/issues/29098) - Polish README.adoc [#​28948](https://togithub.com/spring-projects/spring-boot/issues/28948) - Fix documented default value for property `spring.mvc.pathmatch.matching-strategy` [#​28936](https://togithub.com/spring-projects/spring-boot/issues/28936) - Add consistent quotes in YAML samples of reference doc [#​28911](https://togithub.com/spring-projects/spring-boot/pull/28911) #### :hammer: Dependency Upgrades - Upgrade to Logback 1.2.9 [#​29012](https://togithub.com/spring-projects/spring-boot/issues/29012) - Upgrade to AppEngine SDK 1.9.93 [#​29054](https://togithub.com/spring-projects/spring-boot/issues/29054) - Upgrade to Caffeine 2.9.3 [#​29055](https://togithub.com/spring-projects/spring-boot/issues/29055) - Upgrade to Couchbase Client 3.2.4 [#​29056](https://togithub.com/spring-projects/spring-boot/issues/29056) - Upgrade to DB2 JDBC 11.5.7.0 [#​29124](https://togithub.com/spring-projects/spring-boot/issues/29124) - Upgrade to Dropwizard Metrics 4.2.7 [#​29125](https://togithub.com/spring-projects/spring-boot/issues/29125) - Upgrade to Ehcache3 3.9.9 [#​29126](https://togithub.com/spring-projects/spring-boot/issues/29126) - Upgrade to Flyway 8.0.5 [#​29059](https://togithub.com/spring-projects/spring-boot/issues/29059) - Upgrade to Hazelcast 4.2.4 [#​29146](https://togithub.com/spring-projects/spring-boot/issues/29146) - Upgrade to Hibernate 5.6.3.Final [#​29127](https://togithub.com/spring-projects/spring-boot/issues/29127) - Upgrade to HttpAsyncClient 4.1.5 [#​29062](https://togithub.com/spring-projects/spring-boot/issues/29062) - Upgrade to HttpCore 4.4.15 [#​29063](https://togithub.com/spring-projects/spring-boot/issues/29063) - Upgrade to Infinispan 12.1.10.Final [#​29128](https://togithub.com/spring-projects/spring-boot/issues/29128) - Upgrade to Jackson Bom 2.13.1 [#​29129](https://togithub.com/spring-projects/spring-boot/issues/29129) - Upgrade to JDOM2 2.0.6.1 [#​29064](https://togithub.com/spring-projects/spring-boot/issues/29064) - Upgrade to Jedis 3.7.1 [#​29065](https://togithub.com/spring-projects/spring-boot/issues/29065) - Upgrade to JUnit Jupiter 5.8.2 [#​29066](https://togithub.com/spring-projects/spring-boot/issues/29066) - Upgrade to Kotlin 1.6.10 [#​29067](https://togithub.com/spring-projects/spring-boot/issues/29067) - Upgrade to Log4j2 2.17.0 [#​28984](https://togithub.com/spring-projects/spring-boot/issues/28984) - Upgrade to Micrometer 1.8.1 [#​28971](https://togithub.com/spring-projects/spring-boot/issues/28971) - Upgrade to MSSQL JDBC 9.4.1.jre8 [#​29068](https://togithub.com/spring-projects/spring-boot/issues/29068) - Upgrade to Netty 4.1.72.Final [#​29005](https://togithub.com/spring-projects/spring-boot/issues/29005) - Upgrade to Reactor 2020.0.14 [#​28969](https://togithub.com/spring-projects/spring-boot/issues/28969) - Upgrade to Spring AMQP 2.4.1 [#​28995](https://togithub.com/spring-projects/spring-boot/issues/28995) - Upgrade to Spring Framework 5.3.14 [#​28970](https://togithub.com/spring-projects/spring-boot/issues/28970) - Upgrade to Spring Integration 5.5.7 [#​28975](https://togithub.com/spring-projects/spring-boot/issues/28975) - Upgrade to Spring Kafka 2.8.1 [#​29017](https://togithub.com/spring-projects/spring-boot/issues/29017) - Upgrade to Spring LDAP 2.3.5 [#​28972](https://togithub.com/spring-projects/spring-boot/issues/28972) - Upgrade to Spring Security 5.6.1 [#​28973](https://togithub.com/spring-projects/spring-boot/issues/28973) - Upgrade to Spring Session 2021.1.1 [#​28974](https://togithub.com/spring-projects/spring-boot/issues/28974) - Upgrade to Spring WS 3.1.2 [#​29069](https://togithub.com/spring-projects/spring-boot/issues/29069) - Upgrade to Thymeleaf 3.0.14.RELEASE [#​29070](https://togithub.com/spring-projects/spring-boot/issues/29070) - Upgrade to Tomcat 9.0.56 [#​29071](https://togithub.com/spring-projects/spring-boot/issues/29071) - Upgrade to Undertow 2.2.14.Final [#​29072](https://togithub.com/spring-projects/spring-boot/issues/29072) - Upgrade to XmlUnit2 2.8.4 [#​29131](https://togithub.com/spring-projects/spring-boot/issues/29131) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@​izeye](https://togithub.com/izeye) - [@​asa1997](https://togithub.com/asa1997) - [@​vashisthabhinav](https://togithub.com/vashisthabhinav) - [@​An1s9n](https://togithub.com/An1s9n) - [@​copbint](https://togithub.com/copbint) - [@​viktorardelean](https://togithub.com/viktorardelean) - [@​vpavic](https://togithub.com/vpavic) - [@​terminux](https://togithub.com/terminux) - [@​Artur-](https://togithub.com/Artur-)