Commit

Merge pull request #102 from bci-oss/bugfix/fix-CVE-2023-20863-spring…
…-core

Update spring-core to version 6.0.8
bs-jokri authored Apr 20, 2023
2 parents 3445df1 + c9e594e commit 11a319f
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions pom.xml
Expand Up @@ -234,8 +234,20 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
<!-- Exlude spring-core because of CVE-2023-20863 (spring-core in version 6.0.7) -->
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- add explicit dependency spring-expression because of CVE-2023-20863 (spring-core in version 6.0.7).
Remove after spring-boot-starter-web includes the newest version of spring-expression-->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>6.0.8</version>
</dependency>

<!-- logging -->
<dependency>
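Review bot: The comment above the new dependency says "add explicit dependency spring-expression" and ties its removal to spring-boot-starter-web shipping a newer spring-expression, but the artifact actually declared here (and excluded a few lines up) is spring-core. Please confirm which artifact has to be pinned for CVE-2023-20863 and make the comment and the `<artifactId>` agree; if spring-expression is the one that needs 6.0.8, pinning only spring-core does not change its version. The exclusion also looks redundant once a direct spring-core 6.0.8 dependency exists, since Maven's nearest-wins mediation already prefers the direct declaration, and "Exlude" in the first comment should read "Exclude".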

0 comments on commit 11a319f