Addresses CVE-2023-34055, CVE-2023-46589 (#286)

* Addresses CVE-2023-34055, CVE-2023-46589 * spring-cloud-starter-bootstrap 3.1.7
hmcts · Dec 5, 2023 · 1239484 · 1239484
1 parent 7246c33
commit 1239484
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/build.gradle b/build.gradle
@@ -4,7 +4,7 @@ plugins {
   id 'pmd'
   id 'jacoco'
   id 'io.spring.dependency-management' version '1.0.11.RELEASE'
-  id 'org.springframework.boot' version '2.7.14'
+  id 'org.springframework.boot' version '2.7.18'
   id 'com.github.ben-manes.versions' version '0.42.0'
   id 'org.sonarqube' version '3.3'
   id "org.flywaydb.flyway" version "8.5.2"
@@ -200,7 +200,7 @@ def versions = [
   junit               : '5.9.2',
   junitPlatform       : '1.9.2',
   reformLogging       : '6.0.1',
-  springBoot          : '2.7.14',
+  springBoot          : '2.7.18',
   springfoxSwagger    : '2.9.2',
   serenity            : '2.2.12',
   lombok              : '1.18.22',
@@ -232,7 +232,7 @@ dependencyManagement {
     }
 
     // CVE-2023-28709
-    dependencySet(group: 'org.apache.tomcat.embed', version: '9.0.81') {
+    dependencySet(group: 'org.apache.tomcat.embed', version: '9.0.83') {
       entry 'tomcat-embed-core'
       entry 'tomcat-embed-el'
       entry 'tomcat-embed-websocket'
@@ -270,7 +270,7 @@ dependencies {
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-netflix-hystrix', version: '2.2.10.RELEASE'
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-config', version: '3.1.5'
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-config-server', version: '3.1.5'
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.0'  // Fix for CVE-2023-34040
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.7'
 
   // Fix for CVE-2022-45047, CVE-2023-35887
   implementation group: 'org.apache.sshd', name: 'sshd-common', version: '2.9.3'