Commit 9608a9c

Dwayne Bailey committed
Bump springboot from 1.15.14 to 1.15.19
This indirectly upgrades jackson-databind to 2.8.11.3 which resolves the selected version for a number of dependencies.

Although reporting an error this release fixes:

CVE-2018-14718: RCE with slf4j-ext jar
CVE-2018-14719: RCE with blaze-ds-opt, -core jars
CVE-2018-14720: exfiltration/XXE with only JDK classes (some JDK versions)
CVE-2018-14721: exfiltration/SSRF with axis2-jaxws
Ref FasterXML/jackson-databind#2097

CVE-2018-19360 (axis2-transport-jms)
CVE-2018-19361 (openjpa)
CVE-2018-19362 (jboss-common-core)
Ref FasterXML/jackson-databind#2186

See FasterXML/jackson-databind#2097 (comment)
https://github.com/FasterXML/jackson-databind/blob/2.8/release-notes/VERSION#L8-L15

RDM-3796
1 parent f145d1a commit 9608a9c

2 files changed

+1
-126
lines changed

build.gradle

+1-1
@@ -10,7 +10,7 @@ buildscript {
1010
plugins {
1111
id 'application'
1212
id 'io.spring.dependency-management' version '1.0.6.RELEASE'
13-
id 'org.springframework.boot' version '1.5.14.RELEASE'
13+
id 'org.springframework.boot' version '1.5.19.RELEASE'
1414
id 'org.owasp.dependencycheck' version '3.3.2'
1515
id 'se.patrikerdes.use-latest-versions' version '0.2.3'
1616
id 'com.github.ben-manes.versions' version '0.20.0'
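
Review bot: the commit title says the bump is from 1.15.14 to 1.15.19, but the changed line moves 'org.springframework.boot' from 1.5.14.RELEASE to 1.5.19.RELEASE, so the title should read 1.5.14 to 1.5.19 to keep the history consistent with the build file. The jackson-databind 2.8.11.3 upgrade the message relies on arrives only indirectly through this plugin version and nothing in this hunk pins or checks it; consider recording how the resolved jackson-databind version was verified, or enforcing it in the build, so a later dependency-management override cannot silently bring back a version affected by the listed CVEs.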

dependency-check-suppressions.xml

-125
This file was deleted.
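
Review bot: all 125 lines of suppressions are deleted in one step while the commit message says the scan is still "reporting an error", and the build.gradle hunk keeps the 'org.owasp.dependencycheck' plugin without touching its configuration. Confirm that no suppressionFile setting still points at this deleted path, and state in the commit message which finding is still reported and why it is accepted, since with the file gone there is no record of that decision.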