authorThomas <>2022-03-31 17:36:55 +0200
committerThomas <>2022-03-31 17:36:55 +0200
commitd23001c7436559fade8647ffdaa158080c05f0b7 (patch)
treeb31aadae411671743c4fc8d496c2e697bf764405
parent440dcedcfb17e05e439d3019a8cfdb27c307123d (diff)
fix(core): switch to Spring-Core 5.3.18 and Spring-Boot 2.5.12 to fix cve-2022-22965
-rw-r--r--infos/readme_1.2.4.md1
-rw-r--r--pom.xml4
2 files changed, 3 insertions, 2 deletions
diff --git a/infos/readme_1.2.4.md b/infos/readme_1.2.4.md
index 82a6588a..9aed1251 100644
--- a/infos/readme_1.2.4.md
+++ b/infos/readme_1.2.4.md
@@ -6,6 +6,7 @@ Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID S
- Bugfix
- Work-Around für insertErnp im ID Austria Betriebsmodus
+ - Mögliche RCE Schwachstelle in Spring Framework behoben ([CVE-2022-22965](https://tanzu.vmware.com/security/cve-2022-22965))
- Akutalisierung von Drittherstellerbibliotheken
diff --git a/pom.xml b/pom.xml
index 80ee55b8..a77858cb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,9 +24,9 @@
<egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend>
<eaaf-core.version>1.1.17</eaaf-core.version>
- <spring-boot-starter-web.version>2.5.7</spring-boot-starter-web.version>
+ <spring-boot-starter-web.version>2.5.12</spring-boot-starter-web.version>
<spring-boot-admin-starter-client.version>2.5.4</spring-boot-admin-starter-client.version>
- <org.springframework.version>5.3.13</org.springframework.version>
+ <org.springframework.version>5.3.18</org.springframework.version>
<org.thymeleaf-spring5.version>3.0.14.RELEASE</org.thymeleaf-spring5.version>
<cxf.version>3.4.5</cxf.version>