From 284e0de36c166e4217ff5e3fbb85b9ed5007b75a Mon Sep 17 00:00:00 2001 From: Tunahan Cicek Date: Wed, 9 Oct 2024 14:47:47 +0200 Subject: [PATCH] Fix security issues --- CHANGELOG.md | 45 +++++++++++++++++++-------------------------- pom.xml | 6 +++--- 2 files changed, 22 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 569121e..02eee40 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,16 +5,22 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## 0.4.0 + +## 0.5.0-RC1 ### Added +### fixed +- Update Spring Boot to version 3.3.4 +- Update lombok to version 1.18.34 -## fixed +## 0.4.0 +### Added +### fixed - Implemented mandatory changes in licensing and legal documentation - Updated spring boot version to 3.3.1 ## 0.3.1 ### Added -## fixed +### fixed - security fix spring-web:6.1.5.jar ## 0.3.0 
@@ -22,69 +28,56 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - Update Springboot to version 3.2.4 - Update Springboot to version 3.2.3 - Update postgres dependency version to 42.7.2 - -## fixed +### fixed ## 0.2.8 ### Added - new field "timeToLive" to DiscoveryEndpoint added, so that a time to live can be provided for the self registration at the DiscoveryFinder - -## fixed +### fixed ## 0.2.7 ### Added - -## fixed +### fixed - AUTHORS.md updated - SECURITY.md updated - Updated link to INSTALL.md at README.md to be reachable from DockerHub - Spring Boot version updated to 3.1.6 to fix CVE-2023-46589 and CVE-2023-34053 - update logback version to fix CVE-2023-6378 - ## 0.2.6 ### Added - Introduced versioning of the APIs of the Discovery Services.First version of this API is 1.0 - -## fixed - +### fixed ## 0.2.5-M1 ### Added - new workflow for testing Helm chart - Resource Management has been improved - -## fixed +### fixed ## 0.2.4-M1 ### Added - new resource management for Kubernetes added - Adjustment done to the Helm Chart structure - -## fixed - +### fixed ## 0.2.3-M1 ### Added - Add legal information for distributions in jar - -## fixed +### fixed ## 0.2.2-M1 ### Added - -## fixed +### fixed - Fix CVE-2023-34035 (update springboot to version 3.1.2) ## 0.2.1-M1 ### Added - -## fixed +### fixed - fix CVE-2023-20862 - fix CVE-2023-20873 ## 0.2.0-M1 ### Added - Provide APIs to create, delete and update bpn-discoveries -- -## fixed \ No newline at end of file +### fixed \ No newline at end of file diff --git a/pom.xml b/pom.xml index 30c7411..5124547 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ org.springframework.boot spring-boot-starter-parent - 3.3.1 + 3.3.4 @@ -64,9 +64,9 @@ - 3.3.1 + 3.3.4 6.1.6 - 1.18.24 + 1.18.34 2.0.2 1.5.20 2.0.0
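Review bot: in the first CHANGELOG.md hunk, the new 0.5.0-RC1 section lists "Update Spring Boot to version 3.3.4" and "Update lombok to version 1.18.34" but never says which security issues the commit subject "Fix security issues" refers to. Older entries in this file name them (for example "Spring Boot version updated to 3.1.6 to fix CVE-2023-46589 and CVE-2023-34053"). Please add the advisory identifiers that motivated these bumps so that consumers can judge whether they need the release. The empty "### Added" heading in the new section can be dropped.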
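Review bot: in the second CHANGELOG.md hunk, the rewritten last line "### fixed" is still followed by "\ No newline at end of file"; add the trailing newline while this line is being touched. The hunk also keeps "### fixed" headings with nothing under them (for example directly before "## 0.2.8" and "## 0.2.7"), and the heading is lower case next to "### Added". Keep a Changelog, which the file header cites, spells it "Fixed" and has no need for empty sections.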
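Review bot: in the first pom.xml hunk, the spring-boot-starter-parent version changed here (3.3.1 to 3.3.4) is the same literal that the next hunk changes again around line 64, so the Spring Boot version appears to be maintained in two places that can drift apart on a later update. If the second value only repeats the parent version, consider removing it and relying on the parent's managed version, or add a comment next to both that they must be changed together.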
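Review bot: in the second pom.xml hunk, the value 6.1.6 between the two changed lines is left as it is, and the element names are not visible in this view. If that value overrides a version the Spring Boot parent already manages, the override keeps the older artifact in place after the bump to 3.3.4, and part of the intended security update does not take effect. Please confirm what it pins and remove or raise it; running mvn dependency:tree on the result shows the versions that are actually resolved.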