Neil Griffin created PLUTO-804:
----------------------------------

Summary: Upgrade to Spring Security 5.8.8 and Spring Framework 5.3.30
Key: PLUTO-804
URL: https://issues.apache.org/jira/browse/PLUTO-804
Project: Pluto
Issue Type: Task
Components: build system
Affects Versions: 3.1.1
Reporter: Neil Griffin
Assignee: Neil Griffin
Fix For: 3.1.2

This issue serves as a task for upgrading to Spring Security 5.8.8 and Spring Framework 5.3.30 (which is the version of the Spring Framework that Spring Security 5.8.8 was built against).

The upgrades are necessary, because according to dependabot, the following security vulnerabilities are present in Spring Security 5.5.1:

* CVE-2022-22978 Critical severity
* CVE-2022-22976 Moderate severity

Also according to dependabot, the following security vulnerabilities are present in Spring Framework 5.3.19:

* CVE-2022-22970 High severity
* CVE-2023-20863 High severity
* CVE-2022-22971 Moderate severity
* CVE-2023-20861 Moderate severity
* CVE-2016-1000027 Critical severity

--
This message was sent by Atlassian Jira (v8.20.10#820010)