Skip to content

Commit

Permalink
Update Spring to 5.3.39 to fix CVE-2024-38808. Require commons-config…
Browse files Browse the repository at this point in the history
…uration2 2.11.0 to fix CVE-2024-29131 and CVE-2024-29133. Hadoop pulls this dependency in. (#4874)

Signed-off-by: David Venable <[email protected]>
  • Loading branch information
dlvenable authored Aug 26, 2024
1 parent 0a26f59 commit 9244818
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
6 changes: 6 additions & 0 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,12 @@ subprojects {
}
because 'Fixes CVE-2023-39410.'
}
implementation('org.apache.commons:commons-configuration2') {
version {
require '2.11.0'
}
because 'Fixes CVE-2024-29131 and CVE-2024-29133.'
}
implementation('org.apache.httpcomponents:httpclient') {
version {
require '4.5.14'
Expand Down
2 changes: 1 addition & 1 deletion settings.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ dependencyResolutionManagement {
version('opensearch', '1.3.14')
library('opensearch-client', 'org.opensearch.client', 'opensearch-rest-client').versionRef('opensearch')
library('opensearch-rhlc', 'org.opensearch.client', 'opensearch-rest-high-level-client').versionRef('opensearch')
version('spring', '5.3.28')
version('spring', '5.3.39')
library('spring-core', 'org.springframework', 'spring-core').versionRef('spring')
library('spring-context', 'org.springframework', 'spring-context').versionRef('spring')
version('bouncycastle', '1.78.1')
Expand Down

0 comments on commit 9244818

Please sign in to comment.