Merge pull request #103 from catenax-ng/spring_security_fix

[fix|sde-backend] : spring security vulnerability CVE-2024-22234 fix
eclipse-tractusx · Mar 4, 2024 · 6efe867 · 6efe867
2 parents 484b94a + d8c0dff
commit 6efe867
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Fixed
 - open api fix in sde-open-api.yml.
 - Fixed Postgres vulnerability CVE-2024-1597.
+- Fixed spring security Vulnerability CVE-2024-22234.
 
 ## [2.3.5] - 2024-02-20
 

diff --git a/DEPENDENCIES b/DEPENDENCIES
@@ -135,7 +135,7 @@ maven/mavencentral/org.springframework.cloud/spring-cloud-starter/4.0.3, Apache-
 maven/mavencentral/org.springframework.data/spring-data-commons/3.1.6, Apache-2.0, approved, #8805
 maven/mavencentral/org.springframework.data/spring-data-jpa/3.1.6, Apache-2.0, approved, #9120
 maven/mavencentral/org.springframework.security/spring-security-config/6.1.2, Apache-2.0, approved, #9736
-maven/mavencentral/org.springframework.security/spring-security-core/6.1.2, Apache-2.0, approved, #9801
+maven/mavencentral/org.springframework.security/spring-security-core/6.2.2, Apache-2.0, approved, #11904
 maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.5, Apache-2.0 AND ISC, approved, #9735
 maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.1.5, Apache-2.0, approved, #9741
 maven/mavencentral/org.springframework.security/spring-security-oauth2-jose/6.1.5, Apache-2.0, approved, #9345

diff --git a/pom.xml b/pom.xml
@@ -154,7 +154,7 @@
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-core</artifactId>
-			<version>6.1.2</version>
+			<version>6.2.2</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>