From d23001c7436559fade8647ffdaa158080c05f0b7 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 31 Mar 2022 17:36:55 +0200
Subject: fix(core): switch to Spring-Core 5.3.18 and Spring-Boot 2.5.12 to fix
 cve-2022-22965

---
 infos/readme_1.2.4.md | 1 +
 pom.xml               | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/infos/readme_1.2.4.md b/infos/readme_1.2.4.md
index 82a6588a..9aed1251 100644
--- a/infos/readme_1.2.4.md
+++ b/infos/readme_1.2.4.md
@@ -6,6 +6,7 @@ Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID S
 
   - Bugfix
       - Work-Around für insertErnp im ID Austria Betriebsmodus
+      - Mögliche RCE Schwachstelle in Spring Framework behoben ([CVE-2022-22965](https://tanzu.vmware.com/security/cve-2022-22965))
 - Akutalisierung von Drittherstellerbibliotheken
 
 
diff --git a/pom.xml b/pom.xml
index 80ee55b8..a77858cb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,9 +24,9 @@
     <egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend>
     <eaaf-core.version>1.1.17</eaaf-core.version>
 
-    <spring-boot-starter-web.version>2.5.7</spring-boot-starter-web.version>
+    <spring-boot-starter-web.version>2.5.12</spring-boot-starter-web.version>
     <spring-boot-admin-starter-client.version>2.5.4</spring-boot-admin-starter-client.version>
-    <org.springframework.version>5.3.13</org.springframework.version>
+    <org.springframework.version>5.3.18</org.springframework.version>
     <org.thymeleaf-spring5.version>3.0.14.RELEASE</org.thymeleaf-spring5.version>
     <cxf.version>3.4.5</cxf.version>
 
-- 
cgit v1.2.3