Neil Griffin created PLUTO-804:
----------------------------------
Summary: Upgrade to Spring Security 5.8.8 and Spring Framework 5.3.30
Key: PLUTO-804
URL: https://issues.apache.org/jira/browse/PLUTO-804
Project: Pluto
Issue Type: Task
Components: build system
Affects Versions: 3.1.1
Reporter: Neil Griffin
Assignee: Neil Griffin
Fix For: 3.1.2

This issue serves as a task for upgrading to Spring Security 5.8.8 and Spring
Framework 5.3.30 (which is the version of the Spring Framework that Spring
Security 5.8.8 was built against).

The upgrades are necessary because, according to Dependabot, the following
security vulnerabilities are present in Spring Security 5.5.1:
* CVE-2022-22978 Critical severity
* CVE-2022-22976 Moderate severity

Also according to Dependabot, the following security vulnerabilities are
present in Spring Framework 5.3.19:
* CVE-2022-22970 High severity
* CVE-2023-20863 High severity
* CVE-2022-22971 Moderate severity
* CVE-2023-20861 Moderate severity
* CVE-2016-1000027 Critical severity