Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Upgrade spring to 2.7.x (backport) #16388

Merged
merged 1 commit into from Jan 5, 2023
Merged

fix: Upgrade spring to 2.7.x (backport) #16388

merged 1 commit into from Jan 5, 2023

Conversation

zhem0004
Copy link
Collaborator

@zhem0004 zhem0004 commented Jan 4, 2023

This is a backport to BBB 2.5

Backport to BBB 2.5 of #15467
Backport to BBB 2.5 of #15771
Backport to BBB 2.5 of #15782

The upgraded transitive dependencies include the following fixes:

  Upgrade org.grails:grails-core@5.0.1 to fix
  ✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-context@5.3.12 and 8 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828] in org.springframework:spring-expression@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-context@5.3.12 > org.springframework:spring-expression@5.3.12 and 1 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-core@5.3.12 and 13 other path(s)
    
  
  
  
  Upgrade org.grails:grails-plugin-rest@5.0.1  to fix
  ✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-context@5.3.12 and 8 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313] in org.springframework:spring-beans@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-beans@5.3.12 and 8 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-core@5.3.12 and 13 other path(s)

    
  
  Upgrade org.grails:grails-web-boot@5.0.1 to fix
  ✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-context@5.3.12 and 8 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313] in org.springframework:spring-beans@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-beans@5.3.12 and 8 other path(s)
  ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828] in org.springframework:spring-expression@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-context@5.3.12 > org.springframework:spring-expression@5.3.12 and 1 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-core@5.3.12 and 13 other path(s)
    
  
  
  
  Upgrade org.springframework.boot:spring-boot-autoconfigure@2.5.5  to fix
  ✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-context@5.3.12 and 8 other path(s)
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-core@5.3.12 and 13 other path(s)
    
  
  
  
  Upgrade org.springframework.boot:spring-boot-starter-actuator@2.5.5  to fix
  ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.3.12
    introduced by org.grails:grails-core@5.0.1 > org.springframework:spring-core@5.3.12 and 13 other path(s)
    
  
  
  
  Upgrade org.springframework.boot:spring-boot-starter-logging@2.5.5 to fix
  ✗ Insufficient Hostname Verification [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923] in ch.qos.logback:logback-core@1.2.6
    introduced by org.springframework.boot:spring-boot-starter-logging@2.5.5 > ch.qos.logback:logback-classic@1.2.6 > ch.qos.logback:logback-core@1.2.6

@sonarcloud
Copy link

sonarcloud bot commented Jan 4, 2023

SonarCloud Quality Gate failed.    Quality Gate failed

Bug C 5 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 3 Code Smells

No Coverage information No Coverage information
0.6% 0.6% Duplication

@antobinary antobinary added this to the Release 2.5 milestone Jan 4, 2023
@antobinary antobinary merged commit 15c6a00 into bigbluebutton:v2.5.x-release Jan 5, 2023
@zhem0004 zhem0004 mentioned this pull request Jan 5, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Release 2.5
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@zhem0004 @antobinary