From a8501104ba5331370784670b3da09a7361b388b4 Mon Sep 17 00:00:00 2001 From: dattatrayamote Date: Thu, 22 Aug 2024 14:56:24 +0530 Subject: [PATCH] commit: vulnerability resolved updated dependency spring-web-6.1.6 to spring-web-6.1.12 --- owasp/suppressions.xml | 4 ---- pom.xml | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml index bc2b077..cff20e3 100644 --- a/owasp/suppressions.xml +++ b/owasp/suppressions.xml @@ -42,8 +42,4 @@ False positive, Dependency Updated but still matches for fixed version CVE-2022-45688 - - spring-web-6.1.6.jar [Versions of this package are vulnerable to Denial of Service (DoS) due to improper ETag prefix validation when the application parses ETags from the If-Match or If-None-Match request headers] - CVE-2024-38809 - diff --git a/pom.xml b/pom.xml index c79a35a..f979264 100644 --- a/pom.xml +++ b/pom.xml @@ -126,7 +126,7 @@ org.springframework spring-web - 6.1.6 + 6.1.12
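Review bot: In the owasp/suppressions.xml hunk (@@ -42,8 +42,4 @@), the deleted entry for CVE-2024-38809 was keyed to spring-web-6.1.6.jar and its note describes a real Denial of Service issue, not a false positive, so removing it is only safe if no module still resolves 6.1.6 transitively. Please confirm with `mvn dependency:tree -Dincludes=org.springframework:spring-web` that 6.1.12 is the only resolved version and that the dependency-check build passes without the suppression. If a real finding has to be suppressed again in future, give the entry an expiry (the `until` attribute) so it cannot outlive the upgrade that fixes it.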
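Review bot: In the pom.xml hunk (@@ -126,7 +126,7 @@), the version of org.springframework:spring-web is a literal `6.1.12` on that single dependency; if other Spring Framework artifacts are declared elsewhere in this pom with their own literals, they stay on the old version and the application ends up with mixed Spring module versions. Consider moving the version into a shared property or importing the spring-framework-bom so all Spring modules are bumped together. The commit subject would also be easier to audit if it named CVE-2024-38809, which currently appears only in the removed suppression.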