diff --git a/CHANGELOG.md b/CHANGELOG.md
index 72ea675b..668a136b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
## [Unreleased]
### Fixed
+- Fixed the CVE-2023-3635 security issue
+- Fixed the CVE-2023-6481 security issue
- Fixed the CVE-2023-33202 security issue
- Fixed veracode security CVE-2023-6378(logback-classic Denial Of Service)
- Upgrade Spring Boot to get rid of CVE-2023-46589 and CVE-2023-34053
diff --git a/DEPENDENCIES b/DEPENDENCIES
index a7d1dea2..8ecc282e 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -1,5 +1,5 @@
-maven/mavencentral/ch.qos.logback/logback-classic/1.4.13, EPL-1.0 OR LGPL-2.1-only, approved, #3435
-maven/mavencentral/ch.qos.logback/logback-core/1.4.13, EPL-1.0 OR LGPL-2.1-only, approved, #3373
+maven/mavencentral/ch.qos.logback/logback-classic/1.4.14, EPL-1.0 OR LGPL-2.1-only, approved, #3435
+maven/mavencentral/ch.qos.logback/logback-core/1.4.14, EPL-1.0 OR LGPL-2.1-only, approved, #3373
maven/mavencentral/com.apicatalog/titanium-json-ld/1.1.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.danubetech/key-formats-java/1.6.0, Apache-2.0, approved, #10950
maven/mavencentral/com.danubetech/verifiable-credentials-java/1.1.0, Apache-2.0, approved, #10953
@@ -23,10 +23,9 @@ maven/mavencentral/com.google.protobuf/protobuf-javalite/3.22.3, BSD-3-Clause, a
maven/mavencentral/com.goterl/lazysodium-java/5.1.1, MPL-2.0, approved, #10952
maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.31, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.squareup.okhttp3/okhttp/4.10.0, Apache-2.0 AND MPL-2.0, approved, #3057
-maven/mavencentral/com.squareup.okio/okio-jvm/3.0.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.squareup.okio/okio-jvm/3.7.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause AND LicenseRef-Public-Domain, approved, CQ22641
maven/mavencentral/commons-fileupload/commons-fileupload/1.5, Apache-2.0, approved, #7109
-maven/mavencentral/commons-io/commons-io/2.11.0, Apache-2.0, approved, CQ23745
maven/mavencentral/decentralized-identity/jsonld-common-java/1.1.0, Apache-2.0, approved, #10954
maven/mavencentral/info.weboftrust/ld-signatures-java/1.2.0, Apache-2.0, approved, #10951
maven/mavencentral/io.github.classgraph/classgraph/4.8.149, MIT, approved, CQ22530
@@ -63,8 +62,6 @@ maven/mavencentral/org.glassfish/jakarta.json/2.0.0, EPL-2.0 OR GPL-2.0-only wit
maven/mavencentral/org.hibernate.validator/hibernate-validator/8.0.1.Final, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.jboss.logging/jboss-logging/3.5.3.Final, Apache-2.0, approved, #9471
maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.8.22, Apache-2.0, approved, #8910
-maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.22, Apache-2.0, approved, #8807
-maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.22, Apache-2.0, approved, #8875
maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.22, Apache-2.0, approved, #8865
maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.projectlombok/lombok/1.18.30, MIT AND LicenseRef-Public-Domain, approved, CQ23907
diff --git a/pom.xml b/pom.xml
index 6c45da58..9583b54b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -63,11 +63,6 @@
-
- commons-fileupload
- commons-fileupload
- 1.5
-
org.springframework.boot
spring-boot-starter-web
@@ -75,30 +70,9 @@
org.springframework.boot
spring-boot-starter-logging
-
-
- ch.qos.logback
- logback-classic
-
-
-
-
- ch.qos.logback
- logback-classic
- 1.4.13
-
-
- ch.qos.logback
- logback-core
-
-
-
-
- ch.qos.logback
- logback-core
- 1.4.13
+
org.projectlombok
lombok
@@ -181,6 +155,26 @@
pom
import
+
+ ch.qos.logback
+ logback-core
+ 1.4.14
+
+
+ ch.qos.logback
+ logback-classic
+ 1.4.14
+
+
+ commons-fileupload
+ commons-fileupload
+ 1.5
+
+
+ com.squareup.okio
+ okio-jvm
+ 3.7.0
+