From b6a366c759a3c2d1ffb122ec1cc3e4ad7f194c9a Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Fri, 8 Dec 2023 09:04:29 +0100 Subject: [PATCH 1/6] chore: TRACEFOSS-XXX override ch.qos.logback dependencies with no vulnerabilities --- tx-backend/pom.xml | 15 +++++++++++++-- tx-models/pom.xml | 12 ++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/tx-backend/pom.xml b/tx-backend/pom.xml index 9a54d1d340..fd929bbff7 100644 --- a/tx-backend/pom.xml +++ b/tx-backend/pom.xml @@ -50,9 +50,8 @@ SPDX-License-Identifier: Apache-2.0 - - + org.eclipse.tractusx.irs irs-registry-client @@ -436,6 +435,18 @@ SPDX-License-Identifier: Apache-2.0 1.1.0 test + + ch.qos.logback + logback-classic + 1.4.14 + + + ch.qos.logback + logback-core + 1.4.14 + + + diff --git a/tx-models/pom.xml b/tx-models/pom.xml index dfa3edc6f3..386ed8a0e3 100644 --- a/tx-models/pom.xml +++ b/tx-models/pom.xml @@ -90,6 +90,18 @@ SPDX-License-Identifier: Apache-2.0 ${springdoc.version} + + + ch.qos.logback + logback-classic + 1.4.14 + + + ch.qos.logback + logback-core + 1.4.14 + + From 8811ad1a43768d81bf057fd9b498091aa04a2c3e Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Fri, 8 Dec 2023 09:34:10 +0100 Subject: [PATCH 2/6] chore: TRACEFOSS-XXX update Springboot version to fix high vulnerability --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f030d71f14..cf6886a093 100644 --- a/pom.xml +++ b/pom.xml @@ -38,7 +38,7 @@ SPDX-License-Identifier: Apache-2.0 - 3.1.3 + 3.1.6 6.0.13 6.1.3 17 From c98c8908b48170c426826517f745f7841e64ebd5 Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Fri, 8 Dec 2023 10:13:16 +0100 Subject: [PATCH 3/6] chore: TRACEFOSS-XXX update Springcore version to fix high vulnerability --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cf6886a093..4770b31553 100644 --- a/pom.xml +++ b/pom.xml 
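Review bot: The logback override to `1.4.14` is written out four times, in the `@@ -436,6 +435,18 @@` hunk of tx-backend/pom.xml and again in the `@@ -90,6 +90,18 @@` hunk of tx-models/pom.xml (patch 1/6), and nothing next to it records which finding it answers. The XML tags are lost in this rendering, so it is not visible whether these entries are managed versions or direct dependencies. If they are direct, tx-models now declares logback-classic and logback-core itself, and the two modules can drift apart on the next bump. A single managed version in the root pom would override the transitive version for every module at once, for example a `logback.version` property if the build inherits Spring Boot's dependency management. I would also put a comment beside the pin, such as `<!-- override of transitive logback for scanner finding ADVISORY-ID-PLACEHOLDER; remove once the Spring Boot BOM manages >= 1.4.14 -->`, so the override is not left in place to hold logback back from later fixes.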
@@ -39,7 +39,7 @@ SPDX-License-Identifier: Apache-2.0 3.1.6 - 6.0.13 + 6.0.14 6.1.3 17 ${java.version} From a6298ade2b923370ac3472bc38452e8501629a9b Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Fri, 8 Dec 2023 10:23:13 +0100 Subject: [PATCH 4/6] chore: TRACEFOSS-XXX update tomcat-embed-core version to fix high vulnerability --- tx-backend/pom.xml | 2 +- tx-models/pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tx-backend/pom.xml b/tx-backend/pom.xml index fd929bbff7..8c8c92ea53 100644 --- a/tx-backend/pom.xml +++ b/tx-backend/pom.xml @@ -198,7 +198,7 @@ SPDX-License-Identifier: Apache-2.0 org.apache.tomcat.embed tomcat-embed-core - 10.1.15 + 10.1.16 org.apache.tomcat.embed diff --git a/tx-models/pom.xml b/tx-models/pom.xml index 386ed8a0e3..f0c060aaed 100644 --- a/tx-models/pom.xml +++ b/tx-models/pom.xml @@ -66,7 +66,7 @@ SPDX-License-Identifier: Apache-2.0 org.apache.tomcat.embed tomcat-embed-core - 10.1.15 + 10.1.16 org.apache.tomcat.embed From 233392ddbe8733b33293265306db9cca2ee5deb2 Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Fri, 8 Dec 2023 10:44:19 +0100 Subject: [PATCH 5/6] chore: TRACEFOSS-XXX update tomcat-embed-core version to fix high vulnerability --- tx-backend/pom.xml | 15 +++++---------- tx-models/pom.xml | 18 ------------------ 2 files changed, 5 insertions(+), 28 deletions(-) diff --git a/tx-backend/pom.xml b/tx-backend/pom.xml index 8c8c92ea53..9f950c2f42 100644 --- a/tx-backend/pom.xml +++ b/tx-backend/pom.xml @@ -62,6 +62,10 @@ SPDX-License-Identifier: Apache-2.0 org.eclipse.jetty jetty-http + + org.apache.tomcat.embed + tomcat-embed-websocket + @@ -185,25 +189,16 @@ SPDX-License-Identifier: Apache-2.0 org.springframework.boot spring-boot-starter-web - - org.apache.tomcat.embed - tomcat-embed-core - org.apache.tomcat.embed tomcat-embed-websocket - - org.apache.tomcat.embed - tomcat-embed-core - 10.1.16 - org.apache.tomcat.embed tomcat-embed-websocket - 10.1.15 + 10.1.16 org.springframework.cloud 
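Review bot: After the `@@ -185,25 +189,16 @@` hunk of tx-backend/pom.xml (patch 5/6), tomcat-embed-websocket is still excluded from spring-boot-starter-web and re-added with a hand-written `10.1.16`, while tomcat-embed-core is no longer pinned and follows whatever Spring Boot manages. A later Spring Boot upgrade will therefore move core to a newer patched Tomcat and leave websocket behind on 10.1.16, producing mixed Tomcat versions and a websocket jar that misses subsequent fixes. If the build inherits Spring Boot's dependency management, a single `tomcat.version` property in the root pom would keep both artifacts aligned without the exclude and re-add. Otherwise, have the build confirm with `mvn dependency:tree -Dincludes=org.apache.tomcat.embed` that only one Tomcat version resolves. The CHANGELOG entry in patch 6/6 records this bump as 10.0.15 to 10.0.16, whereas the hunk changes `10.1.15` to `10.1.16`; the record of which version carries the fix should match the pom.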
diff --git a/tx-models/pom.xml b/tx-models/pom.xml index f0c060aaed..6fd890e71e 100644 --- a/tx-models/pom.xml +++ b/tx-models/pom.xml @@ -53,26 +53,8 @@ SPDX-License-Identifier: Apache-2.0 org.springframework.boot spring-boot-starter-web - - org.apache.tomcat.embed - tomcat-embed-core - - - org.apache.tomcat.embed - tomcat-embed-websocket - - - org.apache.tomcat.embed - tomcat-embed-core - 10.1.16 - - - org.apache.tomcat.embed - tomcat-embed-websocket - 10.1.15 - com.fasterxml.jackson.core From 632e664152020720a0c14462314b01f89147aead Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Fri, 8 Dec 2023 11:13:31 +0100 Subject: [PATCH 6/6] chore: TRACEFOSS-XXX update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6026a5d242..c6fe022f3b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -43,6 +43,10 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - Parts autocomplete API now is case insensitive when using "startWith" parameter - changed mapping for manufacturerName when syncing assets_as_planned so it is being resolved when assets are resolved - Behaviour of auto complete toggle selections +- Updated springboot version from 3.1.3 to 3.1.6 +- updated spring core version from 6.0.13 to 6.0.14 +- Update tomcat-embed-websocket from 10.0.15 to 10.0.16 +- Update logback-classic and logback-core version to 1.4.14 to mitigate high finding ### Removed - removed asset filters ( qualityInvestigationIdsInStatusActive, qualityInvestigationIdsInStatusActive )