Fix: fixed cve spring-webmvc #313

Open: wants to merge 3 commits into base: main

5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## 0.6.0
### fixed
- fixed cve CVE-2024-38819 spring-webmvc


## 0.5.3
### Added
- Added test case for saving a semantic model with a dependent model
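Review bot: The new 0.6.0 section uses a lowercase `### fixed` heading, while the 0.5.3 section below it uses `### Added` and the Keep a Changelog format referenced at the top of the file capitalises change types; rename it to `### Fixed`. The entry should also name the version moved to, for example "Bumped spring-webmvc to 6.1.14 to address CVE-2024-38819", which also removes the doubled "cve CVE-". Since the file states adherence to Semantic Versioning and the visible change is a dependency fix, check whether this belongs in a patch release rather than 0.6.0. The second blank line after the entry can go.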
40 changes: 1 addition & 39 deletions DEPENDENCIES
Expand Up @@ -16,9 +16,6 @@ maven/mavencentral/com.fasterxml/classmate/1.6.0, Apache-2.0, approved, clearlyd
maven/mavencentral/com.github.andrewoma.dexx/collection/0.7, MIT, approved, CQ22160
maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.8, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.github.curious-odd-man/rgxgen/2.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.github.docker-java/docker-java-api/3.2.13, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.2.13, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #3059
maven/mavencentral/com.github.docker-java/docker-java-transport/3.2.13, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.github.stephenc.jcip/jcip-annotations/1.0-1, Apache-2.0, approved, CQ21949
maven/mavencentral/com.github.virtuald/curvesapi/1.08, BSD-3-Clause, approved, clearlydefined
maven/mavencentral/com.google.code.findbugs/jsr305/3.0.2, Apache-2.0 and CC-BY-2.5, approved, #15220
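Review bot: The header of this hunk (-16,9 +16,6) drops three entries, and across the file the PR removes 39 lines against one addition, which is far more than a spring-webmvc bump accounts for. The touched hunks list many artifacts that look test-only (junit, mockito, assertj, testcontainers, spring-boot-starter-test), so it appears DEPENDENCIES was regenerated with a different scope. If that is intended, say so in the PR description or move the regeneration into its own commit so the CVE fix can be reviewed in isolation. If it is not intended, regenerate with the same settings as before, since pom.xml still declares a test-scoped dependency using ${testcontainer.version}.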
Expand All @@ -29,10 +26,8 @@ maven/mavencentral/com.google.guava/guava/32.1.1-jre, Apache-2.0 AND CC0-1.0 AND
maven/mavencentral/com.google.guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava, Apache-2.0, approved, CQ22657
maven/mavencentral/com.google.j2objc/j2objc-annotations/2.8, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.ibm.icu/icu4j/72.1, ICU, approved, #4354
maven/mavencentral/com.jayway.jsonpath/json-path/2.9.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.networknt/json-schema-validator/1.4.0, Apache-2.0 AND Unicode-TOU, approved, #13812
maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701
maven/mavencentral/com.vaadin.external.google/android-json/0.0.20131108.vaadin1, Apache-2.0, approved, CQ21310
maven/mavencentral/com.zaxxer/SparseBitSet/1.3, Apache-2.0, approved, #10726
maven/mavencentral/commons-cli/commons-cli/1.6.0, Apache-2.0, approved, #11339
maven/mavencentral/commons-codec/commons-codec/1.16.1, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #9157
Expand Down Expand Up @@ -71,12 +66,6 @@ maven/mavencentral/jakarta.websocket/jakarta.websocket-client-api/2.1.1, EPL-2.0
maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/4.0.0, BSD-3-Clause, approved, ee4j.jaxb
maven/mavencentral/javax.activation/javax.activation-api/1.2.0, (CDDL-1.1 OR GPL-2.0 WITH Classpath-exception-2.0) AND Apache-2.0, approved, CQ18740
maven/mavencentral/javax.xml.bind/jaxb-api/2.3.1, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ16911
maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636
maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.13, Apache-2.0, approved, #7164
maven/mavencentral/net.bytebuddy/byte-buddy/1.14.13, Apache-2.0 AND BSD-3-Clause, approved, #7163
maven/mavencentral/net.java.dev.jna/jna/5.8.0, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ23217
maven/mavencentral/net.minidev/accessors-smart/2.5.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/net.minidev/json-smart/2.5.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.antlr/antlr4-runtime/4.5.3, BSD-2-Clause, approved, CQ9834
maven/mavencentral/org.apache.commons/commons-collections4/4.4, Apache-2.0, approved, #17660
maven/mavencentral/org.apache.commons/commons-compress/1.26.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #13288
Expand Down Expand Up @@ -139,9 +128,6 @@ maven/mavencentral/org.apache.xmlgraphics/batik-transcoder/1.17, Apache-2.0, app
maven/mavencentral/org.apache.xmlgraphics/batik-util/1.17, Apache-2.0, approved, #10150
maven/mavencentral/org.apache.xmlgraphics/batik-xml/1.17, Apache-2.0, approved, #10153
maven/mavencentral/org.apache.xmlgraphics/xmlgraphics-commons/2.9, Apache-2.0, approved, #15397
maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, #17641
maven/mavencentral/org.assertj/assertj-core/3.24.2, Apache-2.0, approved, #6161
maven/mavencentral/org.awaitility/awaitility/4.2.1, Apache-2.0, approved, #14178
maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined
maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.1, BSD-2-Clause, approved, #2670
maven/mavencentral/org.eclipse.digitaltwin.aas4j/aas4j-dataformat-aasx/1.0.2, Apache-2.0, approved, dt.aas4j
Expand Down Expand Up @@ -196,35 +182,19 @@ maven/mavencentral/org.graalvm.regex/regex/23.0.5, UPL-1.0, approved, #11529
maven/mavencentral/org.graalvm.sdk/graal-sdk/23.0.5, UPL-1.0, approved, #9850
maven/mavencentral/org.graalvm.truffle/truffle-api/23.0.5, UPL-1.0 AND (MIT AND UPL-1.0), approved, #11527
maven/mavencentral/org.graphper/graph-support/1.3.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.hamcrest/hamcrest-core/2.2, BSD-3-Clause, approved, clearlydefined
maven/mavencentral/org.hamcrest/hamcrest/2.2, BSD-3-Clause, approved, #17677
maven/mavencentral/org.hdrhistogram/HdrHistogram/2.1.12, CC0-1.0, approved, #15259
maven/mavencentral/org.hibernate.validator/hibernate-validator/8.0.1.Final, Apache-2.0 AND CC-PDDC, approved, #18198
maven/mavencentral/org.jboss.forge.roaster/roaster-api/2.29.0.Final, EPL-1.0, approved, #11526
maven/mavencentral/org.jboss.forge.roaster/roaster-jdt/2.29.0.Final, , approved, #11525
maven/mavencentral/org.jboss.logging/jboss-logging/3.5.3.Final, Apache-2.0, approved, #9471
maven/mavencentral/org.jeasy/easy-random-core/5.0.0, MIT, approved, clearlydefined
maven/mavencentral/org.jetbrains/annotations/17.0.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.3, EPL-2.0, approved, #3133
maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.9.3, EPL-2.0, approved, #3125
maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.9.3, EPL-2.0, approved, #3134
maven/mavencentral/org.junit.jupiter/junit-jupiter/5.9.3, EPL-2.0, approved, #6972
maven/mavencentral/org.junit.platform/junit-platform-commons/1.9.3, EPL-2.0, approved, #3130
maven/mavencentral/org.junit.platform/junit-platform-engine/1.9.3, EPL-2.0, approved, #3128
maven/mavencentral/org.latencyutils/LatencyUtils/2.0.3, CC0-1.0, approved, #15280
maven/mavencentral/org.mapstruct/mapstruct/1.5.3.Final, Apache-2.0, approved, #6277
maven/mavencentral/org.mockito/mockito-core/5.7.0, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, #11424
maven/mavencentral/org.mockito/mockito-junit-jupiter/5.7.0, MIT, approved, #11423
maven/mavencentral/org.objenesis/objenesis/3.3, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.openapitools/jackson-databind-nullable/0.1.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.opentest4j/opentest4j/1.2.0, Apache-2.0, approved, #17680
maven/mavencentral/org.ow2.asm/asm-commons/9.7, BSD-3-Clause, approved, #16465
maven/mavencentral/org.ow2.asm/asm-tree/9.7, BSD-3-Clause, approved, #16466
maven/mavencentral/org.ow2.asm/asm/9.7, BSD-3-Clause, approved, #16464
maven/mavencentral/org.projectlombok/lombok/1.18.34, MIT, approved, #15192
maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined
maven/mavencentral/org.roaringbitmap/RoaringBitmap/1.0.5, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.skyscreamer/jsonassert/1.5.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.slf4j/jcl-over-slf4j/2.0.7, MIT AND Apache-2.0, approved, #11889
maven/mavencentral/org.slf4j/jul-to-slf4j/2.0.7, MIT, approved, #7698
maven/mavencentral/org.slf4j/slf4j-api/2.0.7, MIT, approved, #5915
Expand All @@ -240,36 +210,28 @@ maven/mavencentral/org.springframework.boot/spring-boot-starter-jetty/3.2.5, Apa
maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.2.5, Apache-2.0, approved, #11894
maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.2.5, Apache-2.0, approved, #11890
maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-resource-server/3.2.5, Apache-2.0, approved, #11931
maven/mavencentral/org.springframework.boot/spring-boot-starter-test/3.2.5, Apache-2.0, approved, #12917
maven/mavencentral/org.springframework.boot/spring-boot-starter-validation/3.2.5, Apache-2.0, approved, #12921
maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.2.5, Apache-2.0, approved, #11916
maven/mavencentral/org.springframework.boot/spring-boot-starter/3.2.5, Apache-2.0, approved, #11935
maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.2.5, Apache-2.0, approved, #12920
maven/mavencentral/org.springframework.boot/spring-boot-test/3.2.5, Apache-2.0, approved, #12916
maven/mavencentral/org.springframework.boot/spring-boot/3.2.5, Apache-2.0, approved, #11752
maven/mavencentral/org.springframework.security/spring-security-config/6.3.4, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.springframework.security/spring-security-core/6.3.4, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.springframework.security/spring-security-crypto/6.3.4, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.3.4, Apache-2.0, approved, #16892
maven/mavencentral/org.springframework.security/spring-security-oauth2-jose/6.3.4, Apache-2.0, approved, #16884
maven/mavencentral/org.springframework.security/spring-security-oauth2-resource-server/6.3.4, Apache-2.0, approved, #16888
maven/mavencentral/org.springframework.security/spring-security-test/6.3.4, Apache-2.0, approved, #16974
maven/mavencentral/org.springframework.security/spring-security-web/6.3.4, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.springframework/spring-aop/6.1.13, Apache-2.0, approved, #15221
maven/mavencentral/org.springframework/spring-beans/6.1.13, Apache-2.0, approved, #15213
maven/mavencentral/org.springframework/spring-context/6.1.13, Apache-2.0, approved, #15261
maven/mavencentral/org.springframework/spring-core/6.1.13, Apache-2.0 AND BSD-3-Clause, approved, #15206
maven/mavencentral/org.springframework/spring-expression/6.1.13, Apache-2.0, approved, #15264
maven/mavencentral/org.springframework/spring-jcl/6.1.13, Apache-2.0, approved, #15266
maven/mavencentral/org.springframework/spring-test/6.1.13, Apache-2.0, approved, #15265
maven/mavencentral/org.springframework/spring-web/6.1.13, Apache-2.0, approved, #15188
maven/mavencentral/org.springframework/spring-webmvc/6.1.13, Apache-2.0, approved, #15182
maven/mavencentral/org.testcontainers/junit-jupiter/1.17.6, MIT, approved, clearlydefined
maven/mavencentral/org.testcontainers/testcontainers/1.17.6, MIT, approved, #3074
maven/mavencentral/org.springframework/spring-webmvc/6.1.14, Apache-2.0, approved, #15182
maven/mavencentral/org.topbraid/shacl/1.3.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.webjars/swagger-ui/4.15.5, Apache-2.0 AND MIT, approved, #5921
maven/mavencentral/org.webjars/webjars-locator-core/0.55, MIT, approved, clearlydefined
maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272
maven/mavencentral/org.yaml/snakeyaml/2.0, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #7275
maven/mavencentral/xml-apis/xml-apis-ext/1.3.04, Apache-2.0, approved, CQ1448
maven/mavencentral/xml-apis/xml-apis/1.4.01, Apache-2.0 OR LicenseRef-Public-Domain OR W3C, approved, CQ9621
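Review bot: In this hunk spring-webmvc is listed at 6.1.14 while spring-web, spring-core, spring-context, spring-beans, spring-aop, spring-expression and spring-jcl stay at 6.1.13, so the build now mixes Spring Framework patch levels. The framework modules are released together, so prefer moving all of them to 6.1.14 (through the framework version managed by Spring Boot, if the project inherits it, or a Spring Boot upgrade) instead of pinning one module. The 6.1.14 entry also carries the same reference, #15182, as the 6.1.13 entry; confirm that approval covers the new version.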
9 changes: 9 additions & 0 deletions pom.xml
Expand Up @@ -176,6 +176,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Tempory fix for a finding in snakeyaml v1.30, remove once new Spring Boot release contains fix -->
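Review bot: The added `<exclusion>` for org.springframework:spring-webmvc looks unnecessary alongside the version pin this PR adds to `<dependencyManagement>`, because a managed version already overrides the version of a transitive dependency. Excluding the artifact here also means it only reaches the classpath if some other dependency, not visible in this diff, brings it in. Either drop the exclusion and rely on the managed version, or add an explicit spring-webmvc dependency next to it. In both cases add a comment naming CVE-2024-38819, as the snakeyaml comment just below does for its override.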
Expand Down Expand Up @@ -420,6 +424,11 @@
<version>${testcontainer.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>6.1.14</version>
</dependency>
</dependencies>
</dependencyManagement>
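Review bot: The managed spring-webmvc entry hard-codes `<version>6.1.14</version>` with no comment, while the entry above it takes its version from a property (${testcontainer.version}) and the snakeyaml override elsewhere in this file states why it exists and when to remove it. Move the version into a property and add a comment that it is a temporary override for CVE-2024-38819, to be removed once the Spring Boot version in use manages 6.1.14 or later. Otherwise the pin will silently hold spring-webmvc back after the next Spring Boot upgrade.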
