[Snyk] Fix for 22 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity	Reachability
	335/1000 Why? Has a fix available, CVSS 3.7	Information Exposure SNYK-JAVA-COMMONSCODEC-561518	commons-codec:commons-codec: 1.9 -> 1.13 org.apache.httpcomponents:httpmime: 4.3.2 -> 4.5.13 org.seleniumhq.selenium:selenium-java: 2.34.0 -> 3.0.0 org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE	Yes	No Known Exploit	No Path Found
	415/1000 Why? Has a fix available, CVSS 5.3	JSM bypass via ReflectionHelper SNYK-JAVA-ORGHIBERNATE-30098	org.hibernate:hibernate-validator: 4.3.1.Final -> 6.0.19.Final	No	No Known Exploit	No Path Found
	415/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JAVA-ORGHIBERNATE-568162	org.hibernate:hibernate-validator: 4.3.1.Final -> 6.0.19.Final	Yes	No Known Exploit	No Path Found
	483/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JAVA-ORGHIBERNATE-569100	org.hibernate:hibernate-validator: 4.3.1.Final -> 6.0.19.Final	Yes	No Known Exploit	No Path Found
	580/1000 Why? Has a fix available, CVSS 8.6	Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE org.springframework:spring-webmvc: 4.0.6.RELEASE -> 5.2.19.RELEASE	No	No Known Exploit	No Path Found
	365/1000 Why? Has a fix available, CVSS 4.3	Improper Output Neutralization for Logs SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097	org.springframework.data:spring-data-jpa: 1.4.3.RELEASE -> 1.5.0.RELEASE org.springframework.security:spring-security-config: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework.security:spring-security-core: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework.security:spring-security-taglibs: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework.security:spring-security-web: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework:spring-jdbc: 4.0.6.RELEASE -> 5.2.19.RELEASE org.springframework:spring-orm: 4.0.6.RELEASE -> 5.2.19.RELEASE org.springframework:spring-tx: 4.0.6.RELEASE -> 5.2.19.RELEASE org.springframework:spring-web: 4.0.6.RELEASE -> 5.0.0.RELEASE org.springframework:spring-webmvc: 4.0.6.RELEASE -> 5.2.19.RELEASE	Yes	No Known Exploit	No Path Found
	415/1000 Why? Recently disclosed, Has a fix available, CVSS 4.3	Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878	org.springframework.data:spring-data-jpa: 1.4.3.RELEASE -> 1.5.0.RELEASE org.springframework.security:spring-security-config: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework.security:spring-security-core: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework.security:spring-security-taglibs: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework.security:spring-security-web: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework:spring-jdbc: 4.0.6.RELEASE -> 5.2.19.RELEASE org.springframework:spring-orm: 4.0.6.RELEASE -> 5.2.19.RELEASE org.springframework:spring-tx: 4.0.6.RELEASE -> 5.2.19.RELEASE org.springframework:spring-web: 4.0.6.RELEASE -> 5.0.0.RELEASE org.springframework:spring-webmvc: 4.0.6.RELEASE -> 5.2.19.RELEASE	Yes	No Known Exploit	No Path Found
	425/1000 Why? Has a fix available, CVSS 5.5	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-30164	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE org.springframework:spring-webmvc: 4.0.6.RELEASE -> 5.2.19.RELEASE	No	No Known Exploit	No Path Found
	580/1000 Why? Has a fix available, CVSS 8.6	Reflected File Download SNYK-JAVA-ORGSPRINGFRAMEWORK-30165	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE org.springframework:spring-webmvc: 4.0.6.RELEASE -> 5.2.19.RELEASE	No	No Known Exploit	No Path Found
	415/1000 Why? Has a fix available, CVSS 5.3	Directory Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-30169	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE org.springframework:spring-webmvc: 4.0.6.RELEASE -> 5.2.19.RELEASE	No	No Known Exploit	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Directory Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-32202	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE org.springframework:spring-webmvc: 4.0.6.RELEASE -> 5.2.19.RELEASE	No	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Authentication Bypass SNYK-JAVA-ORGSPRINGFRAMEWORK-536316	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE org.springframework:spring-webmvc: 4.0.6.RELEASE -> 5.2.19.RELEASE	No	No Known Exploit	No Path Found
	375/1000 Why? Has a fix available, CVSS 4.5	Privilege Escalation SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-1078232	org.springframework.security:spring-security-config: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework.security:spring-security-core: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework.security:spring-security-taglibs: 3.2.3.RELEASE -> 5.2.9.RELEASE org.springframework.security:spring-security-web: 3.2.3.RELEASE -> 5.2.9.RELEASE	Yes	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Authentication Bypass SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-31336	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE	No	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Authentication Bypass SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-31343	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE	No	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Security Bypass SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-31344	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE	No	No Known Exploit	No Path Found
	695/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4	Credentials Disclosure SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITYOAUTH-173755	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE	No	Proof of Concept	No Path Found
	495/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Open Redirect SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITYOAUTH-174830	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE	No	Proof of Concept	No Path Found
	590/1000 Why? Has a fix available, CVSS 8.8	Arbitrary Code Execution SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITYOAUTH-31345	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE	No	No Known Exploit	No Path Found
	640/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITYOAUTH-31676	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE	No	No Known Exploit	No Path Found
	555/1000 Why? Has a fix available, CVSS 8.1	Privilege Escalation SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITYOAUTH-72464	org.springframework.security.oauth:spring-security-oauth2: 2.0.2.RELEASE -> 2.4.2.RELEASE	No	No Known Exploit	No Path Found
	515/1000 Why? Has a fix available, CVSS 7.3	Arbitrary Class Load SNYK-JAVA-XALAN-31385	org.seleniumhq.selenium:selenium-java: 2.34.0 -> 3.0.0	No	No Known Exploit	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic