This is an automated email from the ASF dual-hosted git repository.
adamsaghy pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
The following commit(s) were added to refs/heads/develop by this push:
new 4838843b5c FINERACT-2326: Upgrade dependencies
4838843b5c is described below
commit 4838843b5c541540217c4464049e59a4d0498243
Author: Adam Saghy <[email protected]>
AuthorDate: Tue Oct 7 14:05:16 2025 +0200
FINERACT-2326: Upgrade dependencies
---
.../main/groovy/org.apache.fineract.dependencies.gradle | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle
b/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle
index 2f682717cf..c4677a432d 100644
--- a/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle
+++ b/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle
@@ -63,7 +63,7 @@ dependencyManagement {
exclude 'com.sun.mail:javax.mail'
exclude 'javax.activation:activation'
}
- dependency 'commons-io:commons-io:2.17.0'
+ dependency 'commons-io:commons-io:2.18.0'
dependency 'com.github.librepdf:openpdf:2.0.3'
dependency ('org.mnode.ical4j:ical4j:3.2.19') {
exclude 'com.sun.mail:javax.mail'
@@ -125,7 +125,6 @@ dependencyManagement {
dependency 'io.github.classgraph:classgraph:4.8.179'
dependency 'org.awaitility:awaitility:4.2.2'
- // TODO: upgrade to 4.8.3
dependency 'com.github.spotbugs:spotbugs-annotations:4.8.6'
dependency 'javax.cache:cache-api:1.1.1'
dependency 'org.mock-server:mockserver-junit-jupiter:5.15.0'
@@ -234,9 +233,6 @@ dependencyManagement {
exclude 'org.slf4j:jcl-over-slf4j'
exclude 'org.slf4j:slf4j-api'
}
-
- //v42.7.5: performance issue:
https://github.com/pgjdbc/pgjdbc/issues/3511#issuecomment-2637277977
- //v42.7.4: CVE-2025-49146:
https://nvd.nist.gov/vuln/detail/CVE-2025-49146
dependency 'org.postgresql:postgresql:42.7.8'
dependency 'com.mysql:mysql-connector-j:9.2.0'
@@ -273,11 +269,13 @@ dependencyManagement {
dependency 'org.yakworks:spring-icu4j:0.4.2'
dependency 'org.apache.commons:commons-lang3:3.18.0'
dependency 'com.nimbusds:nimbus-jose-jwt:10.0.2'
- // Force Spring Framework version:
https://spring.io/security/cve-2025-41249
+ // Force Spring Framework version: CVE-2025-41249
dependency 'org.springframework:spring-core:6.2.11'
- // Force Spring Framework version:
https://spring.io/security/cve-2025-41248
+ // Force Spring Framework version: CVE-2025-41248
dependency 'org.springframework.security:spring-security-core:6.5.4'
- // Force netty-codec version:
https://scout.docker.com/vulnerabilities/id/CVE-2025-58057
+ // Force netty-codec version: CVE-2025-58057
dependency 'io.netty:netty-codec:4.1.125.Final'
+ // Force netty-codec version: CVE-2025-58056
+ dependency 'io.netty:netty-codec-http:4.1.125.Final'
}
}
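Review bot: The comment added above `io.netty:netty-codec-http:4.1.125.Final` still says "Force netty-codec version", which names the wrong artifact. It should read `// Force netty-codec-http version: CVE-2025-58056`, so that a later cleanup does not mistake this pin for a duplicate of the `netty-codec` pin above it and drop it. Separately, only two Netty modules are forced to 4.1.125.Final here. If other `io.netty` artifacts resolve to an older version through a BOM or a transitive dependency (not visible in this hunk), the runtime classpath ends up with mixed Netty versions. It is worth checking the resolved versions with `gradle dependencyInsight --dependency io.netty`, or aligning the whole family through the Netty BOM. The `dependencyManagement` block starts outside this hunk.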