Skip to content

Version 2.11.9
Compare
Choose a tag to compare
@nenaraab nenaraab released this 21 Dec 16:32
· 841 commits to main since this release
2.11.9
f9a36f6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
  • provides Bill of Material that helps you to keep all of your SAP security related dependencies on sync:
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>com.sap.cloud.security</groupId>
            <artifactId>java-bom</artifactId>
            <version>2.11.9</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

See sample.

Dependency upgrades

  • Bump spring.security.version from 5.6.0 to 5.6.1
  • Bump spring.core.version from 5.3.13 to 5.3.14
  • Bump log4j-api to 2.17.0 (CVE-2021-45105)
  • Sets Spring property log4j2.version to 2.17.0 and overwrites org.apache.logging.log4j:log4j-to-slf4j and org.apache.logging.log4j:log4j-api version used in the Spring projects. This patch is not urgent, see also Blog: Log4J2 Vulnerability and Spring Boot.
  • Bump reactor-core from 3.4.12 to 3.4.13
  • Bump log4j-to-slf4j from 2.14.1 to 2.17.0
Assets 2
Loading