commit: vulnerability resolved updated dependency spring-web-6.1.6 to…

… spring-web-6.1.12
WorldHealthOrganization · Aug 22, 2024 · a850110 · a850110
1 parent 2657161
commit a850110
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 5 deletions.
diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml
@@ -42,8 +42,4 @@
     <notes>False positive, Dependency Updated but still matches for fixed version</notes>
     <cve>CVE-2022-45688</cve>
   </suppress>
-  <suppress>
-    <notes>spring-web-6.1.6.jar [Versions of this package are vulnerable to Denial of Service (DoS) due to improper ETag prefix validation when the application parses ETags from the If-Match or If-None-Match request headers]</notes>
-    <cve>CVE-2024-38809</cve>
-  </suppress>
 </suppressions>
diff --git a/pom.xml b/pom.xml
@@ -126,7 +126,7 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
-            <version>6.1.6</version>
+            <version>6.1.12</version>
         </dependency>
 
         <!-- Persistence Dependencies -->