[ https://issues.apache.org/jira/browse/PLUTO-804?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Neil Griffin closed PLUTO-804.
------------------------------
    Resolution: Fixed

> Upgrade to Spring Security 5.8.8 and Spring Framework 5.3.30
> ------------------------------------------------------------
>
>                 Key: PLUTO-804
>                 URL: https://issues.apache.org/jira/browse/PLUTO-804
>             Project: Pluto
>          Issue Type: Task
>          Components: build system
>    Affects Versions: 3.1.1
>            Reporter: Neil Griffin
>            Assignee: Neil Griffin
>            Priority: Major
>             Fix For: 3.1.2
>
>
> This issue serves as a task for upgrading to Spring Security 5.8.8 and Spring
> Framework 5.3.30 (which is the version of the Spring Framework that Spring
> Security 5.8.8 was built against).
> The upgrades are necessary, because according to dependabot, the following
> security vulnerabilities are present in Spring Security 5.5.1:
> * CVE-2022-22978 Critical severity
> * CVE-2022-22976 Moderate severity
> Also according to dependabot, the following security vulnerabilities are
> present in Spring Framework 5.3.19:
> * CVE-2022-22970 High severity
> * CVE-2023-20863 High severity
> * CVE-2022-22971 Moderate severity
> * CVE-2023-20861 Moderate severity
> * CVE-2016-1000027 Critical severity
>

--
This message was sent by Atlassian Jira
(v8.20.10#820010)