Hello All,

As per my understanding, I updated the Spring version from 5.3.27 to 5.3.32 
in the pom.xml file.

After doing that, I rebuilt the backend code using the mvn clean package and ant 
fresh install commands.

While rebuilding, I was getting the error "Dependency convergence error for 
org.springframework:spring-context-support".

I resolved that error and the build completed successfully.

I want to know whether only these steps are needed to upgrade Spring in DSpace, 
or whether I am missing some steps.

How should I check that the server is now using the upgraded Spring version?

Any suggestion or help is highly appreciated.

On Wednesday, March 27, 2024 at 6:40:30 PM UTC+5:30 Salony Permanand wrote:

> Hello All,
>
> I am using DSpace version 7.6.
>
> I have a vulnerability issue with the Spring version in my DSpace.
>
> It throws a warning as "Applications that use 'UriComponentsBuilder' to 
> parse an externally provided URL (e.g. through a query parameter) AND 
> perform validation checks on
> the host of the parsed URL may be vulnerable to a open redirect attack"
>
> The only solution available is to upgrade from 5.3.27 to 5.3.32 (which is 
> the secure version).
>
> But when I try to upgrade, it creates lots of issues with the DSpace 
> version and is not supported.
>
> Can anyone help regarding that and suggest what to do?
>
> Any help is highly appreciated.
>
