search

codecentric / cxf-spring-boot-starter

Enterprise & production ready SOAP webservices powered by Spring Boot & Apache CXF
https://blog.codecentric.de/en/2016/10/spring-boot-apache-cxf-spring-boot-starter/
143 stars 78 forks source link

Update dependency commons-io:commons-io to v2.14.0 [SECURITY] #149

Open renovate[bot] opened 1 month ago

renovate[bot] commented 1 month ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
commons-io:commons-io (source) 2.11.0 -> 2.14.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-47554

Uncontrolled Resource Consumption vulnerability in Apache Commons IO.

The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.

This issue affects Apache Commons IO: from 2.0 before 2.14.0.

Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] commented 1 month ago

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.