search

shaimael / keycloak

Open Source Identity and Access Management For Modern Applications and Services
https://www.keycloak.org
Apache License 2.0
0 stars 0 forks source link

Update dependency org.springframework.boot:spring-boot-starter-web - autoclosed #1361

Closed mend-for-github-com[bot] closed 2 years ago

mend-for-github-com[bot] commented 2 years ago

This PR contains the following updates:

Package Type Update Change
org.springframework.boot:spring-boot-starter-web (source) compile major 1.5.16.RELEASE -> 2.0.0.RELEASE
org.springframework.boot:spring-boot-starter-web (source) compile minor 2.0.5.RELEASE -> 2.4.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.8 CVE-2016-1000027 #101
High 7.5 CVE-2018-15756 #52
Medium 6.5 CVE-2020-5421 #216
Medium 4.3 CVE-2021-22096 #1258
Medium 4.3 CVE-2021-22096 #1258

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.8 CVE-2022-22965 #1349
High 7.8 CVE-2022-27772 #1347
Medium 6.5 CVE-2022-22950 #1346
Medium 4.3 CVE-2021-22096 #1258

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.8 CVE-2016-1000027 #101
High 7.8 CVE-2022-27772 #1347
High 7.5 CVE-2018-15756 #52
High 7.5 CVE-2020-5398 #14
Medium 6.5 CVE-2018-1000873 #166
Medium 6.5 CVE-2020-5421 #216
Medium 6.3 WS-2021-0172 #1227
Medium 6.1 CVE-2019-10219 #78
Medium 5.3 CVE-2020-10693 #146
Medium 4.3 CVE-2021-22096 #1258
Medium 4.3 CVE-2021-22096 #1258

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 8.1 CVE-2019-0232 #102
High 7.5 CVE-2019-0199 #104
High 7.5 CVE-2019-10072 #16
High 7.5 CVE-2019-17563 #200
High 7.5 CVE-2020-13934 #80
High 7.5 CVE-2021-25122 #1204
High 7.5 CVE-2021-41079 #1251
High 7.0 CVE-2020-9484 #28
High 7.0 CVE-2021-25329 #35
Medium 6.1 CVE-2019-0221 #76
Medium 5.9 CVE-2021-24122 #60
Medium 5.3 CVE-2021-33037 #1243
Medium 4.8 CVE-2020-1935 #1202
Medium 4.3 CVE-2020-13943 #1208

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.8 CVE-2022-22965 #1349
High 7.5 CVE-2020-13935 #1207
Medium 6.5 CVE-2022-22950 #1346

Release Notes

spring-projects/spring-boot ### [`v2.0.0.RELEASE`](https://togithub.com/spring-projects/spring-boot/compare/v1.5.22.RELEASE...v2.0.0.RELEASE) [Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v1.5.22.RELEASE...v2.0.0.RELEASE) ### [`v1.5.22.RELEASE`](https://togithub.com/spring-projects/spring-boot/releases/v1.5.22.RELEASE) [Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v1.5.21.RELEASE...v1.5.22.RELEASE) #### :beetle: Bug Fixes - Embedded MongoDB uses HTTP rather than HTTPS by default to download Mongo binaries [#​17191](https://togithub.com/spring-projects/spring-boot/issues/17191) - spring-boot-dependencies manages jetty-infinispan which no longer exists [#​16925](https://togithub.com/spring-projects/spring-boot/issues/16925) #### :notebook_with_decorative_cover: Documentation - Link to Apache Licence from Maven Plugin docs rather than embedding it [#​17317](https://togithub.com/spring-projects/spring-boot/issues/17317) - Improve javadoc of management server port [#​17068](https://togithub.com/spring-projects/spring-boot/pull/17068) - Fix persistent session property name [#​16894](https://togithub.com/spring-projects/spring-boot/pull/16894) - Correct expansion of jOOQ in the reference docs [#​16879](https://togithub.com/spring-projects/spring-boot/pull/16879) #### :hammer: Dependency Upgrades - Upgrade to Mysql 5.1.48 [#​17783](https://togithub.com/spring-projects/spring-boot/issues/17783) - Upgrade to Spring Security Oauth 2.0.18.RELEASE [#​17671](https://togithub.com/spring-projects/spring-boot/issues/17671) - Upgrade to Spring Security 4.2.13.RELEASE [#​17670](https://togithub.com/spring-projects/spring-boot/issues/17670) - Upgrade to Spring Cloud Connectors 1.2.9.RELEASE [#​17669](https://togithub.com/spring-projects/spring-boot/issues/17669) - Upgrade to Jetty 9.4.19.v20190610 [#​17668](https://togithub.com/spring-projects/spring-boot/issues/17668) - Upgrade to Tomcat 8.5.43 [#​17667](https://togithub.com/spring-projects/spring-boot/issues/17667) - Upgrade to Httpclient 4.5.9 [#​17666](https://togithub.com/spring-projects/spring-boot/issues/17666) - Upgrade to Appengine Sdk 1.9.76 [#​17665](https://togithub.com/spring-projects/spring-boot/issues/17665) - Upgrade to Spring Integration 4.3.21 [#​17642](https://togithub.com/spring-projects/spring-boot/issues/17642) - Upgrade to Spring AMQP 1.7.14 [#​17640](https://togithub.com/spring-projects/spring-boot/issues/17640) - Upgrade to spring-javaformat 0.0.15 [#​17359](https://togithub.com/spring-projects/spring-boot/issues/17359) - Upgrade to Spring Data Ingalls-SR23 [#​17352](https://togithub.com/spring-projects/spring-boot/issues/17352) - Upgrade to Spring Framework 4.3.25 [#​17221](https://togithub.com/spring-projects/spring-boot/issues/17221) - Upgrade to Dependency Management Plugin 1.0.8.RELEASE [#​17149](https://togithub.com/spring-projects/spring-boot/issues/17149) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@​lukaseder](https://togithub.com/lukaseder) - [@​ielatif](https://togithub.com/ielatif) - [@​gavvvr](https://togithub.com/gavvvr) ### [`v1.5.21.RELEASE`](https://togithub.com/spring-projects/spring-boot/releases/v1.5.21.RELEASE) [Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v1.5.20.RELEASE...v1.5.21.RELEASE) #### :beetle: Bug Fixes - Some syntax in the reference documentation is not highlighted or is missing altogether [#​16548](https://togithub.com/spring-projects/spring-boot/issues/16548) #### :notebook_with_decorative_cover: Documentation - Fix broken link [#​16666](https://togithub.com/spring-projects/spring-boot/pull/16666) #### :hammer: Dependency Upgrades - Upgrade to Groovy 2.4.17 [#​16836](https://togithub.com/spring-projects/spring-boot/issues/16836) - Upgrade to Jaybird 2.2.15 [#​16762](https://togithub.com/spring-projects/spring-boot/issues/16762) - Upgrade to Jetty 9.4.18.v20190429 [#​16761](https://togithub.com/spring-projects/spring-boot/issues/16761) - Upgrade to Appengine Sdk 1.9.74 [#​16760](https://togithub.com/spring-projects/spring-boot/issues/16760) - Upgrade to Spring Framework 4.3.24 [#​16759](https://togithub.com/spring-projects/spring-boot/issues/16759) - Upgrade to Spring Data Ingalls-SR22 [#​16748](https://togithub.com/spring-projects/spring-boot/issues/16748) - Upgrade to Tomcat 8.5.40 [#​16504](https://togithub.com/spring-projects/spring-boot/issues/16504) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@​Tetsuya3850](https://togithub.com/Tetsuya3850) ### [`v1.5.20.RELEASE`](https://togithub.com/spring-projects/spring-boot/releases/v1.5.20.RELEASE) [Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v1.5.19.RELEASE...v1.5.20.RELEASE) #### :beetle: Bug Fixes - Permit use of `@JsonTest` without Jackson [#​16070](https://togithub.com/spring-projects/spring-boot/pull/16070) - When unzipping, spring init may write zip entries outside the specified output location [#​16028](https://togithub.com/spring-projects/spring-boot/issues/16028) - Tomcat does not create temporary directory used to store file uploads when it does not exist [#​9616](https://togithub.com/spring-projects/spring-boot/issues/9616) #### :hammer: Dependency Upgrades - Upgrade to Httpclient 4.5.8 [#​16424](https://togithub.com/spring-projects/spring-boot/issues/16424) - Upgrade to Appengine Sdk 1.9.73 [#​16387](https://togithub.com/spring-projects/spring-boot/issues/16387) - Upgrade to Spring Cloud Connectors 1.2.8.RELEASE [#​16364](https://togithub.com/spring-projects/spring-boot/issues/16364) - Upgrade to Aspectj 1.8.14 [#​16363](https://togithub.com/spring-projects/spring-boot/issues/16363) - Upgrade to Tomcat 8.5.39 [#​16362](https://togithub.com/spring-projects/spring-boot/issues/16362) - Upgrade to H2 1.4.199 [#​16361](https://togithub.com/spring-projects/spring-boot/issues/16361) - Upgrade to Spring Data Ingalls SR20 [#​16358](https://togithub.com/spring-projects/spring-boot/issues/16358) - Upgrade to Spring Security 4.2.12 [#​16352](https://togithub.com/spring-projects/spring-boot/issues/16352) - Upgrade to Spring Integration 4.3.20 [#​16348](https://togithub.com/spring-projects/spring-boot/issues/16348) - Upgrade to Spring AMQP 1.7.13 [#​16345](https://togithub.com/spring-projects/spring-boot/issues/16345) - Upgrade to Spring Framework 4.3.23.RELEASE [#​16338](https://togithub.com/spring-projects/spring-boot/issues/16338) - Upgrade to Jedis 2.9.3 [#​16122](https://togithub.com/spring-projects/spring-boot/issues/16122) - Upgrade to Spring Ws 2.4.5.RELEASE [#​16121](https://togithub.com/spring-projects/spring-boot/issues/16121) - Upgrade to Spring Security Oauth 2.0.17.RELEASE [#​16120](https://togithub.com/spring-projects/spring-boot/issues/16120) - Upgrade to Slf4j 1.7.26 [#​16119](https://togithub.com/spring-projects/spring-boot/issues/16119) - Upgrade to Jetty 9.4.15.v20190215 [#​16118](https://togithub.com/spring-projects/spring-boot/issues/16118) - Upgrade to H2 1.4.198 [#​16117](https://togithub.com/spring-projects/spring-boot/issues/16117) - Upgrade to Spring Security Jwt 1.0.10.RELEASE [#​15907](https://togithub.com/spring-projects/spring-boot/issues/15907) - Upgrade to Spring Retry 1.2.4.RELEASE [#​15906](https://togithub.com/spring-projects/spring-boot/issues/15906) - Upgrade to Tomcat 8.5.38 [#​15905](https://togithub.com/spring-projects/spring-boot/issues/15905) - Upgrade to Httpcore 4.4.11 [#​15904](https://togithub.com/spring-projects/spring-boot/issues/15904) - Upgrade to Httpclient 4.5.7 [#​15903](https://togithub.com/spring-projects/spring-boot/issues/15903) - Upgrade to Undertow 1.4.27.Final [#​15902](https://togithub.com/spring-projects/spring-boot/issues/15902) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@​wonwoo](https://togithub.com/wonwoo) ### [`v1.5.19.RELEASE`](https://togithub.com/spring-projects/spring-boot/releases/v1.5.19.RELEASE) [Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v1.5.18.RELEASE...v1.5.19.RELEASE) #### :hammer: Dependency Upgrades - Upgrade to Jedis 2.9.1 [#​15683](https://togithub.com/spring-projects/spring-boot/issues/15683) - Upgrade to Git Commit Id Plugin 2.2.6 [#​15682](https://togithub.com/spring-projects/spring-boot/issues/15682) - Upgrade to Spring Retry 1.2.3.RELEASE [#​15681](https://togithub.com/spring-projects/spring-boot/issues/15681) - Upgrade to Spring Amqp 1.7.12.RELEASE [#​15680](https://togithub.com/spring-projects/spring-boot/issues/15680) - Upgrade to Spring Web Services 2.4.4.RELEASE [#​15668](https://togithub.com/spring-projects/spring-boot/issues/15668) - Upgrade to Spring Batch 3.0.10.RELEASE [#​15657](https://togithub.com/spring-projects/spring-boot/issues/15657) - Upgrade to Spring Framework 4.3.22.RELEASE [#​15529](https://togithub.com/spring-projects/spring-boot/issues/15529) - Upgrade to Narayana 5.5.34.Final [#​15503](https://togithub.com/spring-projects/spring-boot/issues/15503) - Upgrade to Groovy 2.4.16 [#​15502](https://togithub.com/spring-projects/spring-boot/issues/15502) - Upgrade to Tomcat 8.5.37 [#​15501](https://togithub.com/spring-projects/spring-boot/issues/15501) - Upgrade to Appengine Sdk 1.9.71 [#​15500](https://togithub.com/spring-projects/spring-boot/issues/15500) - Upgrade to GemFire 8.2.13 [#​15481](https://togithub.com/spring-projects/spring-boot/issues/15481) - Upgrade to Spring Session 1.3.5 [#​15418](https://togithub.com/spring-projects/spring-boot/issues/15418) - Upgrade to Spring Security 4.2.11 [#​15415](https://togithub.com/spring-projects/spring-boot/issues/15415) - Upgrade to Spring Integration 4.3.19 [#​15411](https://togithub.com/spring-projects/spring-boot/issues/15411) - Upgrade to Spring Data Ingalls SR18 [#​15408](https://togithub.com/spring-projects/spring-boot/issues/15408) - Upgrade to Jetty 9.4.14.v20181114 [#​15239](https://togithub.com/spring-projects/spring-boot/issues/15239) ### [`v1.5.18.RELEASE`](https://togithub.com/spring-projects/spring-boot/releases/v1.5.18.RELEASE) [Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v1.5.17.RELEASE...v1.5.18.RELEASE) #### :star: New Features - Update the homepage in the homebrew formula to avoid a redirect [#​14851](https://togithub.com/spring-projects/spring-boot/issues/14851) #### :beetle: Bug Fixes - AnnotationsPropertySource can throw a NPE when `javax` meta-annotations are present [#​15175](https://togithub.com/spring-projects/spring-boot/issues/15175) - Allow early ServletRequest Autowiring with embedded containers [#​14990](https://togithub.com/spring-projects/spring-boot/issues/14990) #### :notebook_with_decorative_cover: Documentation - Document launcher's use of temp directory for libraries that require unpacking [#​15180](https://togithub.com/spring-projects/spring-boot/issues/15180) - Fixed typo in Maven Site doc [#​15176](https://togithub.com/spring-projects/spring-boot/pull/15176) #### :hammer: Dependency Upgrades - Upgrade to Spring Data Ingalls-SR17 [#​15305](https://togithub.com/spring-projects/spring-boot/issues/15305) - Upgrade to Jackson 2.8.11.20181123 [#​15289](https://togithub.com/spring-projects/spring-boot/issues/15289) - Upgrade to Spring Security 4.2.10 [#​15255](https://togithub.com/spring-projects/spring-boot/issues/15255) - Upgrade to Spring Session 1.3.4.RELEASE [#​15242](https://togithub.com/spring-projects/spring-boot/issues/15242) - Upgrade to Spring Integration 4.3.18.RELEASE [#​15241](https://togithub.com/spring-projects/spring-boot/issues/15241) - Upgrade to Spring Cloud Connectors 1.2.7.RELEASE [#​15240](https://togithub.com/spring-projects/spring-boot/issues/15240) - Upgrade to Tomcat 8.5.35 [#​15238](https://togithub.com/spring-projects/spring-boot/issues/15238) - Upgrade to Appengine Sdk 1.9.68 [#​15236](https://togithub.com/spring-projects/spring-boot/issues/15236) - Upgrade to Spring Framework 4.3.21 [#​15188](https://togithub.com/spring-projects/spring-boot/issues/15188) - Upgrade to Appengine Sdk 1.9.67 [#​14955](https://togithub.com/spring-projects/spring-boot/issues/14955) #### :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@​rs017991](https://togithub.com/rs017991) ### [`v1.5.17.RELEASE`](https://togithub.com/spring-projects/spring-boot/releases/v1.5.17.RELEASE) [Compare Source](https://togithub.com/spring-projects/spring-boot/compare/v1.5.16.RELEASE...v1.5.17.RELEASE) #### :beetle: Bug fixes - server.ssl.key-store-provider and server.ssl.trust-store-provider are ignored when configuring Undertow [#​14713](https://togithub.com/spring-projects/spring-boot/issues/14713) - [@​AutoConfigureMockMvc](https://togithub.com/AutoConfigureMockMvc) does not honor FilterRegistrationBean.enabled=false [#​14636](https://togithub.com/spring-projects/spring-boot/issues/14636) - WebRequestTraceFilter calls methods on the request and response to retrieve information that then isn't included in the trace [#​14550](https://togithub.com/spring-projects/spring-boot/issues/14550) - Support escaped characters in BasicJsonParser [#​14521](https://togithub.com/spring-projects/spring-boot/pull/14521) #### :notebook_with_decorative_cover: Documentation - Fix broken Asciidoctor syntax in section on sanitizing values [#​14708](https://togithub.com/spring-projects/spring-boot/pull/14708) - Documentation on using Spock contains references to removed classes [#​14612](https://togithub.com/spring-projects/spring-boot/issues/14612) - Cassandra auto-configuration requires load balancing policy, reconnection policy and retry policy classes to have a default constructor [#​14461](https://togithub.com/spring-projects/spring-boot/issues/14461) - Improve documentation of RestTemplateBuilder's additionalMessageConverters [#​13714](https://togithub.com/spring-projects/spring-boot/pull/13714) #### :hammer: Dependency upgrades - Upgrade to Spring Security 4.2.9.RELEASE [#​14848](https://togithub.com/spring-projects/spring-boot/issues/14848) - Upgrade to Spring Amqp 1.7.11.RELEASE [#​14837](https://togithub.com/spring-projects/spring-boot/issues/14837) - Upgrade to Spring Security OAuth 2.0.16 [#​14832](https://togithub.com/spring-projects/spring-boot/issues/14832) - Upgrade to Rabbit Amqp Client 4.8.3 [#​14750](https://togithub.com/spring-projects/spring-boot/issues/14750) - Upgrade to Appengine Sdk 1.9.66 [#​14749](https://togithub.com/spring-projects/spring-boot/issues/14749) - Upgrade to GemFire 8.2.12 [#​14739](https://togithub.com/spring-projects/spring-boot/issues/14739) - Upgrade to Spring Data Ingalls SR16 [#​14727](https://togithub.com/spring-projects/spring-boot/issues/14727) - Upgrade to Spring Framework 4.3.20.RELEASE [#​14721](https://togithub.com/spring-projects/spring-boot/issues/14721) - Upgrade to Spring Web Services 2.4.3.RELEASE [#​14527](https://togithub.com/spring-projects/spring-boot/issues/14527) - Upgrade to Undertow 1.4.26.Final [#​13880](https://togithub.com/spring-projects/spring-boot/issues/13880) #### :heart: Contributors We’d like to thank all the contributors who worked on our current release! - [@​DevOrc](https://togithub.com/DevOrc) - [@​weltonrodrigo](https://togithub.com/weltonrodrigo) - [@​izeye](https://togithub.com/izeye)