Unidata · haileyajohnson · Mar 20, 2024 · Mar 20, 2024 · Mar 20, 2024
@@ -146,12 +146,4 @@
     <packageUrl regex="true">^pkg:maven/org\.quartz\-scheduler/quartz@.*$</packageUrl>
     <cve>CVE-2023-39017</cve>
   </suppress>
-  <suppress>
-    <notes><![CDATA[
-      file name: thredds-5.5-SNAPSHOT.war: spring-security-core-5.7.11.jar
-      reason: we do not use AuthenticatedVoter directly
-    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-core@.*$</packageUrl>
-    <vulnerabilityName>CVE-2024-22257</vulnerabilityName>
-  </suppress>
 </suppressions>
@@ -15,7 +15,7 @@ dependencies {
   // at that point we can take things on a case-by-case basis.
   api enforcedPlatform("edu.ucar:netcdf-java-bom:${depVersion.netcdfJava}")
   api enforcedPlatform('org.springframework:spring-framework-bom:5.3.32')
-  api enforcedPlatform('org.springframework.security:spring-security-bom:5.7.11')
+  api enforcedPlatform('org.springframework.security:spring-security-bom:5.7.12')
   api platform('net.openhft:chronicle-bom:2.23.136')
   api enforcedPlatform("org.apache.logging.log4j:log4j-bom:2.17.1")
   api enforcedPlatform("jakarta.platform:jakarta.jakartaee-bom:8.0.0")