diff options
| author | Thomas <> | 2022-03-31 17:36:55 +0200 |
|---|---|---|
| committer | Thomas <> | 2022-03-31 17:36:55 +0200 |
| commit | d23001c7436559fade8647ffdaa158080c05f0b7 (patch) | |
| tree | b31aadae411671743c4fc8d496c2e697bf764405 | |
| parent | 440dcedcfb17e05e439d3019a8cfdb27c307123d (diff) | |
| download | National_eIDAS_Gateway-d23001c7436559fade8647ffdaa158080c05f0b7.tar.gz National_eIDAS_Gateway-d23001c7436559fade8647ffdaa158080c05f0b7.tar.bz2 National_eIDAS_Gateway-d23001c7436559fade8647ffdaa158080c05f0b7.zip | |
fix(core): switch to Spring-Core 5.3.18 and Spring-Boot 2.5.12 to fix cve-2022-22965
| -rw-r--r-- | infos/readme_1.2.4.md | 1 | ||||
| -rw-r--r-- | pom.xml | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/infos/readme_1.2.4.md b/infos/readme_1.2.4.md index 82a6588a..9aed1251 100644 --- a/infos/readme_1.2.4.md +++ b/infos/readme_1.2.4.md @@ -6,6 +6,7 @@ Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID S - Bugfix - Work-Around für insertErnp im ID Austria Betriebsmodus + - Mögliche RCE Schwachstelle in Spring Framework behoben ([CVE-2022-22965](https://tanzu.vmware.com/security/cve-2022-22965)) - Akutalisierung von Drittherstellerbibliotheken @@ -24,9 +24,9 @@ <egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend> <eaaf-core.version>1.1.17</eaaf-core.version> - <spring-boot-starter-web.version>2.5.7</spring-boot-starter-web.version> + <spring-boot-starter-web.version>2.5.12</spring-boot-starter-web.version> <spring-boot-admin-starter-client.version>2.5.4</spring-boot-admin-starter-client.version> - <org.springframework.version>5.3.13</org.springframework.version> + <org.springframework.version>5.3.18</org.springframework.version> <org.thymeleaf-spring5.version>3.0.14.RELEASE</org.thymeleaf-spring5.version> <cxf.version>3.4.5</cxf.version> |