zonkyio / embedded-database-spring-test

A library for creating isolated embedded databases for Spring-powered integration tests.
Apache License 2.0
399 stars, 37 forks

Spring 5.3.26/5.2.23, Spring Boot 2.7.10/2.6.14 #232

Open julianladisch opened 1 year ago

julianladisch commented 1 year ago

Upgrade Spring and Spring Boot to the latest patch version for the given minor version.

This upgrades several vulnerable dependencies:

json-smart from 2.4.8 to 2.4.10 fixing Denial of Service (DoS): https://nvd.nist.gov/vuln/detail/CVE-2023-1370

snakeyaml from 1.17 to 1.33 fixing Denial of Service (DoS), Arbitrary Code Execution and Stack-based Buffer Overflow: https://nvd.nist.gov/vuln/detail/CVE-2017-18640 https://nvd.nist.gov/vuln/detail/CVE-2022-25857 https://nvd.nist.gov/vuln/detail/CVE-2022-1471 https://nvd.nist.gov/vuln/detail/CVE-2022-38751 https://nvd.nist.gov/vuln/detail/CVE-2022-38752

spring-expression from 5.3.24 to 5.3.26 fixing Allocation of Resources Without Limits or Throttling: https://nvd.nist.gov/vuln/detail/CVE-2023-20861