[
https://issues.apache.org/jira/browse/PLUTO-804?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Neil Griffin closed PLUTO-804.
------------------------------
Resolution: Fixed
> Upgrade to Spring Security 5.8.8 and Spring Framework 5.3.30
> ------------------------------------------------------------
>
> Key: PLUTO-804
> URL: https://issues.apache.org/jira/browse/PLUTO-804
> Project: Pluto
> Issue Type: Task
> Components: build system
> Affects Versions: 3.1.1
> Reporter: Neil Griffin
> Assignee: Neil Griffin
> Priority: Major
> Fix For: 3.1.2
>
>
> This issue serves as a task for upgrading to Spring Security 5.8.8 and Spring
> Framework 5.3.30 (which is the version of the Spring Framework that Spring
> Security 5.8.8 was built against).
> The upgrades are necessary, because according to dependabot, the following
> security vulnerabilities are present in Spring Security 5.5.1:
> * CVE-2022-22978 Critical severity
> * CVE-2022-22976 Moderate severity
> Also according to dependabot, the following security vulnerabilities are
> present in Spring Framework 5.3.19:
> * CVE-2022-22970 High severity
> * CVE-2023-20863 High severity
> * CVE-2022-22971 Moderate severity
> * CVE-2023-20861 Moderate severity
> * CVE-2016-1000027 Critical severity
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
