From 40f3766fa0d77bc9fc8681996abcaf31494a5004 Mon Sep 17 00:00:00 2001
From: Rishi Kunnath
Date: Tue, 30 Jun 2026 09:56:49 +0530
Subject: [PATCH] fix BlackDuck security risks: bump Spring Boot and override Netty/Bouncy Castle
- Upgrade spring-boot-starter-parent from 3.2.6 to 3.5.16 in multi-tenant apps (resolves transitive CVEs in Tomcat 10.1.x, Spring Framework 6.1.x, Spring Security 6.2/6.3, jackson-databind 2.15/2.17)
- Upgrade spring.boot.version from 3.3.1 to 3.5.16 in single-tenant apps (resolves Spring Boot 3.3.1 CVEs and above transitive dependencies)
- Add dependencyManagement overrides for Netty 4.2.15.Final (was 4.1.110.Final)
- Add dependencyManagement overrides for Bouncy Castle 1.84 (was 1.78.1)
---
.../cloud-cap-samples-java/pom.xml | 23 ++++++++++++++++++-
.../cloud-cap-samples-java/pom.xml | 23 ++++++++++++++++++-
.../central-space/demoapp/pom.xml | 23 ++++++++++++++++++-
.../personal-space/demoapp/pom.xml | 23 ++++++++++++++++++-
4 files changed, 88 insertions(+), 4 deletions(-)
diff --git a/app/multi-tenant/central-space/cloud-cap-samples-java/pom.xml b/app/multi-tenant/central-space/cloud-cap-samples-java/pom.xml
index 125460c5..27560642 100644
--- a/app/multi-tenant/central-space/cloud-cap-samples-java/pom.xml
+++ b/app/multi-tenant/central-space/cloud-cap-samples-java/pom.xml
@@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent
- 3.2.6
+ 3.5.16
@@ -72,6 +72,27 @@ 4.0.0
+
+
+ io.netty
+ netty-bom
+ 4.2.15.Final
+ pom
+ import
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+ 1.84
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+ 1.84
+
+
diff --git a/app/multi-tenant/personal-space/cloud-cap-samples-java/pom.xml b/app/multi-tenant/personal-space/cloud-cap-samples-java/pom.xml
index c2c6df6a..096fbcbc 100644
--- a/app/multi-tenant/personal-space/cloud-cap-samples-java/pom.xml
+++ b/app/multi-tenant/personal-space/cloud-cap-samples-java/pom.xml
@@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent
- 3.2.6
+ 3.5.16
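Review bot: The netty-bom import added under dependencyManagement in the @@ -72,6 hunk is probably a no-op for the Netty artifacts that matter, because this pom inherits spring-boot-starter-parent and, to my reading of Maven's merge rules, managed versions inherited from the parent (spring-boot-dependencies already manages io.netty) take precedence over a BOM imported in the child; the identical hunk in the personal-space multi-tenant pom has the same problem, and in the two single-tenant demoapp poms the netty-bom is imported after an existing BOM import, where the first import wins on conflicts if that existing import is spring-boot-dependencies. For the starter-parent poms the supported override is the property, `<netty.version>4.2.15.Final</netty.version>` in `<properties>`; for the single-tenant poms either move the netty-bom import above the existing BOM import or declare the individual io.netty artifacts directly, as is already done correctly for bcprov-jdk18on and bcpkix-jdk18on. Before treating the BlackDuck finding as resolved, confirm the resolved version with `mvn dependency:tree -Dincludes=io.netty`, since a scan of an unchanged resolved artifact will simply reopen it. Netty 4.1 to 4.2 is also a minor-line change with behavioural differences, so the apps should be run against it rather than only compiled.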
@@ -72,6 +72,27 @@ 4.0.0
+
+
+ io.netty
+ netty-bom
+ 4.2.15.Final
+ pom
+ import
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+ 1.84
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+ 1.84
+
+
diff --git a/app/single-tenant/central-space/demoapp/pom.xml b/app/single-tenant/central-space/demoapp/pom.xml
index 272527e3..78e4008c 100644
--- a/app/single-tenant/central-space/demoapp/pom.xml
+++ b/app/single-tenant/central-space/demoapp/pom.xml
@@ -18,7 +18,7 @@ 21 4.1.1 - 3.3.1 + 3.5.16 8.0.2 https://nodejs.org/dist/
@@ -48,6 +48,27 @@ pom import
+
+
+
+ io.netty
+ netty-bom
+ 4.2.15.Final
+ pom
+ import
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+ 1.84
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+ 1.84
+
diff --git a/app/single-tenant/personal-space/demoapp/pom.xml b/app/single-tenant/personal-space/demoapp/pom.xml
index 272527e3..78e4008c 100644
--- a/app/single-tenant/personal-space/demoapp/pom.xml
+++ b/app/single-tenant/personal-space/demoapp/pom.xml
@@ -18,7 +18,7 @@ 21 4.1.1 - 3.3.1 + 3.5.16 8.0.2 https://nodejs.org/dist/
@@ -48,6 +48,27 @@ pom import
+
+
+
+ io.netty
+ netty-bom
+ 4.2.15.Final
+ pom
+ import
+
+
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+ 1.84
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+ 1.84
+