search

jainisking / MyTest

mytest
0 stars 1 forks source link

[Snyk] Fix for 42 vulnerabilities #591

Open jainisking opened 11 months ago

jainisking commented 11 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - pom.xml #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **494/1000**
**Why?** Has a fix available, CVSS 5.6 | Unsafe Dependency Resolution
[SNYK-JAVA-COMBEUST-174815](https://snyk.io/vuln/SNYK-JAVA-COMBEUST-174815) | `org.apache.tika:tika-parsers:`
`1.23 -> 2.0.0`
| Yes | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **624/1000**
**Why?** Has a fix available, CVSS 8.2 | XML External Entity (XXE) Injection
[SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302) | `org.activiti:activiti-engine:`
`6.0.0 -> 7.0.0.GA`
| Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **509/1000**
**Why?** Has a fix available, CVSS 5.9 | Denial of Service (DoS)
[SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698) | `org.activiti:activiti-engine:`
`6.0.0 -> 7.0.0.GA`
`org.springframework.security:spring-security-cas:`
`5.2.0.RELEASE -> 6.1.0`
| Yes | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244) | `org.activiti:activiti-engine:`
`6.0.0 -> 7.0.0.GA`
`org.springframework.security:spring-security-cas:`
`5.2.0.RELEASE -> 6.1.0`
| Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **616/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Denial of Service (DoS)
[SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424) | `org.activiti:activiti-engine:`
`6.0.0 -> 7.0.0.GA`
`org.springframework.security:spring-security-cas:`
`5.2.0.RELEASE -> 6.1.0`
| Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **616/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Denial of Service (DoS)
[SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426) | `org.activiti:activiti-engine:`
`6.0.0 -> 7.0.0.GA`
`org.springframework.security:spring-security-cas:`
`5.2.0.RELEASE -> 6.1.0`
| Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Improper Certificate Validation
[SNYK-JAVA-COMMONSHTTPCLIENT-30083](https://snyk.io/vuln/SNYK-JAVA-COMMONSHTTPCLIENT-30083) | `org.apache.axis2:axis2-transport-http:`
`1.7.9 -> 1.8.0`
`org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Man-in-the-Middle (MitM)
[SNYK-JAVA-COMMONSHTTPCLIENT-31660](https://snyk.io/vuln/SNYK-JAVA-COMMONSHTTPCLIENT-31660) | `org.apache.axis2:axis2-transport-http:`
`1.7.9 -> 1.8.0`
`org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **561/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 4.8 | Information Exposure
[SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044](https://snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044) | `org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
| Yes | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | XML External Entity (XXE) Injection
[SNYK-JAVA-DOM4J-174153](https://snyk.io/vuln/SNYK-JAVA-DOM4J-174153) | `org.hibernate:hibernate-spatial:`
`5.2.10.Final -> 5.2.18.Final`
| No | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **584/1000**
**Why?** Has a fix available, CVSS 7.4 | XML External Entity (XXE) Injection
[SNYK-JAVA-DOM4J-2812975](https://snyk.io/vuln/SNYK-JAVA-DOM4J-2812975) | `org.hibernate:hibernate-spatial:`
`5.2.10.Final -> 5.2.18.Final`
| No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **505/1000**
**Why?** Has a fix available, CVSS 5.6 | Improper Certificate Validation
[SNYK-JAVA-IONETTY-1042268](https://snyk.io/vuln/SNYK-JAVA-IONETTY-1042268) | `org.keycloak:keycloak-model-infinispan:`
`8.0.1 -> 10.0.0`
| Yes | No Known Exploit ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **399/1000**
**Why?** Has a fix available, CVSS 3.7 | Man-in-the-Middle (MitM)
[SNYK-JAVA-LOG4J-1300176](https://snyk.io/vuln/SNYK-JAVA-LOG4J-1300176) | `org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
`org.slf4j:slf4j-log4j12:`
`1.7.29 -> 1.7.34`
| Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **651/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.6 | Arbitrary Code Execution
[SNYK-JAVA-LOG4J-2316893](https://snyk.io/vuln/SNYK-JAVA-LOG4J-2316893) | `org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
`org.slf4j:slf4j-log4j12:`
`1.7.29 -> 1.7.34`
| Yes | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **619/1000**
**Why?** Has a fix available, CVSS 8.1 | SQL Injection
[SNYK-JAVA-LOG4J-2342645](https://snyk.io/vuln/SNYK-JAVA-LOG4J-2342645) | `org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
`org.slf4j:slf4j-log4j12:`
`1.7.29 -> 1.7.34`
| Yes | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **619/1000**
**Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data
[SNYK-JAVA-LOG4J-2342646](https://snyk.io/vuln/SNYK-JAVA-LOG4J-2342646) | `org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
`org.slf4j:slf4j-log4j12:`
`1.7.29 -> 1.7.34`
| Yes | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **619/1000**
**Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data
[SNYK-JAVA-LOG4J-2342647](https://snyk.io/vuln/SNYK-JAVA-LOG4J-2342647) | `org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
`org.slf4j:slf4j-log4j12:`
`1.7.29 -> 1.7.34`
| Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **509/1000**
**Why?** Has a fix available, CVSS 5.9 | Denial of Service (DoS)
[SNYK-JAVA-LOG4J-3358774](https://snyk.io/vuln/SNYK-JAVA-LOG4J-3358774) | `org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
`org.slf4j:slf4j-log4j12:`
`1.7.29 -> 1.7.34`
| Yes | No Known Exploit ![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **811/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 9.8 | Deserialization of Untrusted Data
[SNYK-JAVA-LOG4J-572732](https://snyk.io/vuln/SNYK-JAVA-LOG4J-572732) | `org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
`org.slf4j:slf4j-log4j12:`
`1.7.29 -> 1.7.34`
| Yes | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JAVA-NETSOURCEFORGENEKOHTML-2621454](https://snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGENEKOHTML-2621454) | `org.owasp.esapi:esapi:`
`2.2.0.0 -> 2.3.0.0`
| No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **414/1000**
**Why?** Has a fix available, CVSS 4 | Memory Allocation with Excessive Size Value
[SNYK-JAVA-NETSOURCEFORGENEKOHTML-2774754](https://snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGENEKOHTML-2774754) | `org.owasp.esapi:esapi:`
`2.2.0.0 -> 2.3.0.0`
| No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **414/1000**
**Why?** Has a fix available, CVSS 4 | Heap-based Buffer Overflow
[SNYK-JAVA-NETSOURCEFORGENEKOHTML-2803036](https://snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGENEKOHTML-2803036) | `org.owasp.esapi:esapi:`
`2.2.0.0 -> 2.3.0.0`
| No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Improper Input Validation
[SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058) | `org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **624/1000**
**Why?** Has a fix available, CVSS 8.2 | XML External Entity (XXE) Injection
[SNYK-JAVA-ORGAPACHEIVY-5847858](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEIVY-5847858) | `org.janusgraph:janusgraph-core:`
`0.4.0 -> 0.5.0`
| No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **619/1000**
**Why?** Has a fix available, CVSS 8.1 | Arbitrary Code Execution
[SNYK-JAVA-ORGAPACHEVELOCITY-3116414](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEVELOCITY-3116414) | `org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **536/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 4.3 | Access Control Bypass
[SNYK-JAVA-ORGAPACHEZOOKEEPER-174781](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-174781) | `org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **414/1000**
**Why?** Has a fix available, CVSS 4 | Insufficiently Protected Credentials
[SNYK-JAVA-ORGAPACHEZOOKEEPER-31035](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-31035) | `org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Authentication Bypass
[SNYK-JAVA-ORGAPACHEZOOKEEPER-32301](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-32301) | `org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **726/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Arbitrary Code Execution during Deserialization
[SNYK-JAVA-ORGBEANSHELL-72452](https://snyk.io/vuln/SNYK-JAVA-ORGBEANSHELL-72452) | `org.testng:testng:`
`5.14 -> 6.10`
| Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **449/1000**
**Why?** Has a fix available, CVSS 4.7 | Information Exposure
[SNYK-JAVA-ORGBOUNCYCASTLE-5771339](https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-5771339) | `org.apache.tika:tika-parsers:`
`1.23 -> 2.0.0`
`org.keycloak:keycloak-common:`
`8.0.1 -> 19.0.0`
`org.keycloak:keycloak-core:`
`9.0.0 -> 19.0.0`
`org.keycloak:keycloak-model-jpa:`
`8.0.0 -> 20.0.0`
`org.keycloak:keycloak-server-spi:`
`8.0.1 -> 19.0.0`
`org.keycloak:keycloak-server-spi-private:`
`8.0.1 -> 21.0.0`
`org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
`org.keycloak:keycloak-spring-security-adapter:`
`9.0.2 -> 22.0.2`
| Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **616/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Denial of Service (DoS)
[SNYK-JAVA-ORGCODEHAUSJACKSON-3038425](https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJACKSON-3038425) | `org.apache.avro:avro:`
`1.8.1 -> 1.9.0`
`org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **616/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Denial of Service (DoS)
[SNYK-JAVA-ORGCODEHAUSJACKSON-3038427](https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJACKSON-3038427) | `org.apache.avro:avro:`
`1.8.1 -> 1.9.0`
`org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | Proof of Concept ![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **704/1000**
**Why?** Has a fix available, CVSS 9.8 | Improper Input Validation
[SNYK-JAVA-ORGCODEHAUSJACKSON-3326362](https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJACKSON-3326362) | `org.apache.avro:avro:`
`1.8.1 -> 1.9.0`
`org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | XML External Entity (XXE) Injection
[SNYK-JAVA-ORGCODEHAUSJACKSON-534878](https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJACKSON-534878) | `org.apache.avro:avro:`
`1.8.1 -> 1.9.0`
`org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **833/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.8 | Improper Handling of Case Sensitivity
[SNYK-JAVA-ORGECLIPSEJGIT-5905182](https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJGIT-5905182) | `org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
| Yes | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | XML External Entity (XXE) Injection
[SNYK-JAVA-ORGJDOM-1311147](https://snyk.io/vuln/SNYK-JAVA-ORGJDOM-1311147) | `org.codehaus.cargo:cargo-core-api-container:`
`1.7.9 -> 1.8.3`
| No | Proof of Concept ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **399/1000**
**Why?** Has a fix available, CVSS 3.7 | Improper Input Validation
[SNYK-JAVA-ORGKEYCLOAK-3026902](https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-3026902) | `org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
| Yes | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **711/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.8 | Privilege Escalation
[SNYK-JAVA-ORGMORTBAYJETTY-1021919](https://snyk.io/vuln/SNYK-JAVA-ORGMORTBAYJETTY-1021919) | `org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Cryptographic Issues
[SNYK-JAVA-ORGMORTBAYJETTY-173762](https://snyk.io/vuln/SNYK-JAVA-ORGMORTBAYJETTY-173762) | `org.apache.drill.exec:drill-jdbc:`
`1.16.0 -> 1.21.0`
| No | No Known Exploit ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Improper Handling of Case Sensitivity
[SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634](https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634) | | Yes | Proof of Concept ![critical severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/c.png "critical severity") | **811/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 9.8 | Sandbox Bypass
[SNYK-JAVA-ORGTHYMELEAF-5811866](https://snyk.io/vuln/SNYK-JAVA-ORGTHYMELEAF-5811866) | | Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **651/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.6 | Arbitrary Code Execution
[SNYK-JAVA-ORGYAML-3152153](https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153) | `org.keycloak:keycloak-server-spi-private:`
`8.0.1 -> 21.0.0`
`org.keycloak:keycloak-services:`
`8.0.1 -> 20.0.0`
| Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised. #### Vulnerabilities that could not be fixed - Upgrade: - Could not upgrade `org.springframework.boot:spring-boot-starter-jersey@2.2.5.RELEASE` to `org.springframework.boot:spring-boot-starter-jersey@3.0.0`; Reason `could not apply upgrade, dependency is managed externally` ; Location: `https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.2.5.RELEASE/spring-boot-dependencies-2.2.5.RELEASE.pom` - Could not upgrade `org.springframework.boot:spring-boot-starter-thymeleaf@2.2.5.RELEASE` to `org.springframework.boot:spring-boot-starter-thymeleaf@3.0.0`; Reason `could not apply upgrade, dependency is managed externally` ; Location: `https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.2.5.RELEASE/spring-boot-dependencies-2.2.5.RELEASE.pom` Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/jainisking/project/c82e0dc8-2651-4592-a74b-d60619f81179?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/jainisking/project/c82e0dc8-2651-4592-a74b-d60619f81179?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"ae402414-52b4-40f0-819f-2fc10b989b0c","prPublicId":"ae402414-52b4-40f0-819f-2fc10b989b0c","dependencies":[{"name":"org.activiti:activiti-engine","from":"6.0.0","to":"7.0.0.GA"},{"name":"org.apache.avro:avro","from":"1.8.1","to":"1.9.0"},{"name":"org.apache.axis2:axis2-transport-http","from":"1.7.9","to":"1.8.0"},{"name":"org.apache.drill.exec:drill-jdbc","from":"1.16.0","to":"1.21.0"},{"name":"org.apache.tika:tika-parsers","from":"1.23","to":"2.0.0"},{"name":"org.codehaus.cargo:cargo-core-api-container","from":"1.7.9","to":"1.8.3"},{"name":"org.hibernate:hibernate-spatial","from":"5.2.10.Final","to":"5.2.18.Final"},{"name":"org.janusgraph:janusgraph-core","from":"0.4.0","to":"0.5.0"},{"name":"org.keycloak:keycloak-common","from":"8.0.1","to":"19.0.0"},{"name":"org.keycloak:keycloak-core","from":"9.0.0","to":"19.0.0"},{"name":"org.keycloak:keycloak-model-infinispan","from":"8.0.1","to":"10.0.0"},{"name":"org.keycloak:keycloak-model-jpa","from":"8.0.0","to":"20.0.0"},{"name":"org.keycloak:keycloak-server-spi","from":"8.0.1","to":"19.0.0"},{"name":"org.keycloak:keycloak-server-spi-private","from":"8.0.1","to":"21.0.0"},{"name":"org.keycloak:keycloak-services","from":"8.0.1","to":"20.0.0"},{"name":"org.keycloak:keycloak-spring-security-adapter","from":"9.0.2","to":"22.0.2"},{"name":"org.owasp.esapi:esapi","from":"2.2.0.0","to":"2.3.0.0"},{"name":"org.slf4j:slf4j-log4j12","from":"1.7.29","to":"1.7.34"},{"name":"org.springframework.boot:spring-boot-starter-jersey","from":"2.2.5.RELEASE","to":"3.0.0"},{"name":"org.springframework.boot:spring-boot-starter-thymeleaf","from":"2.2.5.RELEASE","to":"3.0.0"},{"name":"org.springframework.security:spring-security-cas","from":"5.2.0.RELEASE","to":"6.1.0"},{"name":"org.testng:testng","from":"5.14","to":"6.10"}],"packageManager":"maven","projectPublicId":"c82e0dc8-2651-4592-a74b-d60619f81179","projectUrl":"https://app.snyk.io/org/jainisking/project/c82e0dc8-2651-4592-a74b-d60619f81179?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JAVA-COMBEUST-174815","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302","SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698","SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","SNYK-JAVA-COMMONSHTTPCLIENT-30083","SNYK-JAVA-COMMONSHTTPCLIENT-31660","SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044","SNYK-JAVA-DOM4J-174153","SNYK-JAVA-DOM4J-2812975","SNYK-JAVA-IONETTY-1042268","SNYK-JAVA-LOG4J-1300176","SNYK-JAVA-LOG4J-2316893","SNYK-JAVA-LOG4J-2342645","SNYK-JAVA-LOG4J-2342646","SNYK-JAVA-LOG4J-2342647","SNYK-JAVA-LOG4J-3358774","SNYK-JAVA-LOG4J-572732","SNYK-JAVA-NETSOURCEFORGENEKOHTML-2621454","SNYK-JAVA-NETSOURCEFORGENEKOHTML-2774754","SNYK-JAVA-NETSOURCEFORGENEKOHTML-2803036","SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058","SNYK-JAVA-ORGAPACHEIVY-5847858","SNYK-JAVA-ORGAPACHEVELOCITY-3116414","SNYK-JAVA-ORGAPACHEZOOKEEPER-174781","SNYK-JAVA-ORGAPACHEZOOKEEPER-31035","SNYK-JAVA-ORGAPACHEZOOKEEPER-32301","SNYK-JAVA-ORGBEANSHELL-72452","SNYK-JAVA-ORGBOUNCYCASTLE-5771339","SNYK-JAVA-ORGCODEHAUSJACKSON-3038425","SNYK-JAVA-ORGCODEHAUSJACKSON-3038427","SNYK-JAVA-ORGCODEHAUSJACKSON-3326362","SNYK-JAVA-ORGCODEHAUSJACKSON-534878","SNYK-JAVA-ORGECLIPSEJGIT-5905182","SNYK-JAVA-ORGJDOM-1311147","SNYK-JAVA-ORGKEYCLOAK-3026902","SNYK-JAVA-ORGMORTBAYJETTY-1021919","SNYK-JAVA-ORGMORTBAYJETTY-173762","SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634","SNYK-JAVA-ORGTHYMELEAF-5811866","SNYK-JAVA-ORGYAML-3152153"],"upgrade":["SNYK-JAVA-COMBEUST-174815","SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302","SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698","SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424","SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426","SNYK-JAVA-COMMONSHTTPCLIENT-30083","SNYK-JAVA-COMMONSHTTPCLIENT-31660","SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044","SNYK-JAVA-DOM4J-174153","SNYK-JAVA-DOM4J-2812975","SNYK-JAVA-IONETTY-1042268","SNYK-JAVA-LOG4J-1300176","SNYK-JAVA-LOG4J-2316893","SNYK-JAVA-LOG4J-2342645","SNYK-JAVA-LOG4J-2342646","SNYK-JAVA-LOG4J-2342647","SNYK-JAVA-LOG4J-3358774","SNYK-JAVA-LOG4J-572732","SNYK-JAVA-NETSOURCEFORGENEKOHTML-2621454","SNYK-JAVA-NETSOURCEFORGENEKOHTML-2774754","SNYK-JAVA-NETSOURCEFORGENEKOHTML-2803036","SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058","SNYK-JAVA-ORGAPACHEIVY-5847858","SNYK-JAVA-ORGAPACHEVELOCITY-3116414","SNYK-JAVA-ORGAPACHEZOOKEEPER-174781","SNYK-JAVA-ORGAPACHEZOOKEEPER-31035","SNYK-JAVA-ORGAPACHEZOOKEEPER-32301","SNYK-JAVA-ORGBEANSHELL-72452","SNYK-JAVA-ORGBOUNCYCASTLE-5771339","SNYK-JAVA-ORGCODEHAUSJACKSON-3038425","SNYK-JAVA-ORGCODEHAUSJACKSON-3038427","SNYK-JAVA-ORGCODEHAUSJACKSON-3326362","SNYK-JAVA-ORGCODEHAUSJACKSON-534878","SNYK-JAVA-ORGECLIPSEJGIT-5905182","SNYK-JAVA-ORGJDOM-1311147","SNYK-JAVA-ORGKEYCLOAK-3026902","SNYK-JAVA-ORGMORTBAYJETTY-1021919","SNYK-JAVA-ORGMORTBAYJETTY-173762","SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634","SNYK-JAVA-ORGTHYMELEAF-5811866","SNYK-JAVA-ORGYAML-3152153"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[494,624,509,589,616,616,484,429,561,696,584,505,399,651,619,619,619,509,811,589,414,414,479,624,619,536,414,589,726,449,616,616,704,589,833,696,399,711,479,506,811,651],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [XML External Entity (XXE) Injection](https://learn.snyk.io/lesson/xxe/?loc=fix-pr) 🦉 [Denial of Service (DoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr) 🦉 [Man-in-the-Middle (MitM)](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr) 🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc=fix-pr)