Fix BlackDuck security risks #521

Closed
rishikunnath2747 wants to merge 1 commit into develop from fix/blackduck-all-risks
@rishikunnath2747

Contributor
  • Upgrade spring-boot-starter-parent from 3.2.6 to 3.5.16 in multi-tenant apps (resolves transitive CVEs in Tomcat 10.1.x, Spring Framework 6.1.x, Spring Security 6.2/6.3, jackson-databind 2.15/2.17)
  • Upgrade spring.boot.version from 3.3.1 to 3.5.16 in single-tenant apps (resolves Spring Boot 3.3.1 CVEs and above transitive dependencies)
  • Add dependencyManagement overrides for Netty 4.2.15.Final (was 4.1.110.Final)
  • Add dependencyManagement overrides for Bouncy Castle 1.84 (was 1.78.1)

Type of change

Please delete options that are not relevant.

  • Blackduck Scan fix (non-breaking change which fixes an issue)

Checklist before requesting a review

  • I follow Java Development Guidelines for SAP
  • I have tested the functionality on my cloud environment.
  • I have provided sufficient automated/unit tests for the code.
  • I have increased or maintained the test coverage.
  • I have run integration tests on my cloud environment.
  • I have validated blackduck portal for any vulnerability after my commit.

Upload Screenshots/lists of the scenarios tested

  • I have uploaded screenshots or added lists of the scenarios tested in the description

…ncy Castle

- Upgrade spring-boot-starter-parent from 3.2.6 to 3.5.16 in multi-tenant apps
  (resolves transitive CVEs in Tomcat 10.1.x, Spring Framework 6.1.x,
   Spring Security 6.2/6.3, jackson-databind 2.15/2.17)
- Upgrade spring.boot.version from 3.3.1 to 3.5.16 in single-tenant apps
  (resolves Spring Boot 3.3.1 CVEs and above transitive dependencies)
- Add dependencyManagement overrides for Netty 4.2.15.Final (was 4.1.110.Final)
- Add dependencyManagement overrides for Bouncy Castle 1.84 (was 1.78.1)