From 3b25ec5c4daf8592549f57eb88390ffff6da7c3c Mon Sep 17 00:00:00 2001
From: Tara Drwenski
Date: Wed, 20 Mar 2024 10:37:18 -0600
Subject: [PATCH 1/2] Revert "Suppress CVE that does not affect us (#479)"

This reverts commit 1f78cd3210780d85b8cdd1262cc638853db8d393.
---
 .../dependency-check-suppression.xml | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/project-files/owasp-dependency-check/dependency-check-suppression.xml b/project-files/owasp-dependency-check/dependency-check-suppression.xml
index 8ff8f873b3..08eba890ff 100644
--- a/project-files/owasp-dependency-check/dependency-check-suppression.xml
+++ b/project-files/owasp-dependency-check/dependency-check-suppression.xml
@@ -146,12 +146,4 @@ ^pkg:maven/org\.quartz\-scheduler/quartz@.*$ CVE-2023-39017 - - - ^pkg:maven/org\.springframework\.security/spring\-security\-core@.*$ - CVE-2024-22257 -
From 864ad8009dd96d119e1aff9d48d982dcacf38dfd Mon Sep 17 00:00:00 2001
From: Tara Drwenski
Date: Wed, 20 Mar 2024 10:37:45 -0600
Subject: [PATCH 2/2] Bump spring security version

---
 tds-platform/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tds-platform/build.gradle b/tds-platform/build.gradle
index 4327f20530..6adf05542b 100644
--- a/tds-platform/build.gradle
+++ b/tds-platform/build.gradle
@@ -15,7 +15,7 @@ dependencies {
 // at that point we can take things on a case-by-case basis.
 api enforcedPlatform("edu.ucar:netcdf-java-bom:${depVersion.netcdfJava}")
 api enforcedPlatform('org.springframework:spring-framework-bom:5.3.32')
- api enforcedPlatform('org.springframework.security:spring-security-bom:5.7.11')
+ api enforcedPlatform('org.springframework.security:spring-security-bom:5.7.12')
 api platform('net.openhft:chronicle-bom:2.23.136')
 api enforcedPlatform("org.apache.logging.log4j:log4j-bom:2.17.1")
 api enforcedPlatform("jakarta.platform:jakarta.jakartaee-bom:8.0.0")