Bump spring-framework-bom from 5.3.25 to 5.3.26 #7760
Bumps [spring-framework-bom](https://github.com/spring-projects/spring-framework) from 5.3.25 to 5.3.26.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v5.3.25...v5.3.26)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
I was worried by the entry in the 5.3.26 changelog that says:
- Spring Framework 5.3.x is incompatible with Jetty 10 (Client) #29867
But that issue is fixing an incompatibility that we never detected (as far as I can tell).
This PR is now ready for merge. We will merge it after approximately 24 hours if there is no negative feedback. /label ready-for-merge
This should be backported to 387.x LTS to fix CVE-2023-20860 /label lts-candidate
That vulnerability does not impact Jenkins.
Thank you!
This should be backported to 387.x LTS to fix CVE-2023-20861
No further explanation is generally provided to explain why a CVE in a dependency does not impact Jenkins. With regard to CVEs in dependencies, the Jenkins security officer has said:
As far as I know, Jenkins does not use SpEL expressions, so a backport of this update will only silence security scanners without having any real impact on Jenkins security.
Bumps spring-framework-bom from 5.3.25 to 5.3.26.
Release notes
Sourced from spring-framework-bom's releases.
Commits
- 3540029 Release v5.3.26
- eafe3af Polishing and minor refactoring in HandlerMappingIntrospector
- 26e0343 Improve diagnostics in SpEL for `matches` operator
- 4d5e720 Improve diagnostics in SpEL for repeated text
- 430fc25 Increase scope of regex pattern cache for the SpEL `matches` operator
- 0882ca5 Polishing
- 94bbf85 Stop printing to System.out in SpEL tests
- 2c2ef12 Upgrade to Netty 4.1.90 and Checkstyle 10.9.1
- 120d512 Polishing (backported from main)
- 3ddf183 Update copyright headers

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Proposed changelog entries