Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 137 vulnerabilities #31

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 137 vulnerabilities #31

wants to merge 1 commit into from

Conversation

k-tamura
Copy link
Owner

@k-tamura k-tamura commented Oct 5, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Upgrade Breaking Change Exploit Maturity Reachability
medium severity Insufficient Hostname Verification
SNYK-JAVA-CHQOSLOGBACK-1726923		 Yes No Known Exploit No Path Found
critical severity Arbitrary Code Execution
SNYK-JAVA-CHQOSLOGBACK-31407		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736		 Yes Proof of Concept No Path Found
high severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244		 Yes No Known Exploit No Path Found
medium severity Denial of Service (DoS)
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-31573		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043		 No Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917		 Yes Mature No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015		 Yes Mature No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316		 Yes No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664		 Yes Proof of Concept No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-72446		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884		 No No Known Exploit No Path Found
high severity Deserialization of Untrusted Data
SNYK-JAVA-COMGOOGLECODEGSON-1730327		 com.google.api-client:google-api-client-gson:
1.30.3 -> 1.35.0
No No Known Exploit No Path Found
low severity Information Disclosure
SNYK-JAVA-COMGOOGLEGUAVA-1015415		 com.google.api-client:google-api-client-gson:
1.30.3 -> 1.35.0
com.google.oauth-client:google-oauth-client:
1.30.3 -> 1.33.3
No Proof of Concept No Path Found
high severity Improper Verification of Cryptographic Signature
SNYK-JAVA-COMGOOGLEOAUTHCLIENT-2807808		 com.google.api-client:google-api-client-gson:
1.30.3 -> 1.35.0
com.google.oauth-client:google-oauth-client:
1.30.3 -> 1.33.3
No No Known Exploit No Path Found
high severity Improper Authorization
SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276		 com.google.api-client:google-api-client-gson:
1.30.3 -> 1.35.0
com.google.oauth-client:google-oauth-client:
1.30.3 -> 1.33.3
No No Known Exploit No Path Found
high severity Denial of Service (DoS)
SNYK-JAVA-COMMONSFILEUPLOAD-30082		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit No Path Found
critical severity Arbitrary Code Execution
SNYK-JAVA-COMMONSFILEUPLOAD-30401		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit No Path Found
medium severity Information Exposure
SNYK-JAVA-COMMONSFILEUPLOAD-31540		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit No Path Found
critical severity User Impersonation
SNYK-JAVA-COMUNBOUNDID-32143		 Yes No Known Exploit No Path Found
medium severity Privilege Escalation
SNYK-JAVA-MYSQL-174574		 Yes No Known Exploit No Path Found
medium severity XML External Entity (XXE) Injection
SNYK-JAVA-MYSQL-1766958		 Yes Proof of Concept No Path Found
medium severity Improper Authorization
SNYK-JAVA-MYSQL-2386864		 Yes No Known Exploit No Path Found
high severity Access Control Bypass
SNYK-JAVA-MYSQL-451464		 Yes No Known Exploit No Path Found
medium severity Denial of Service (DoS)
SNYK-JAVA-OGNL-30474		 Yes No Known Exploit No Path Found
medium severity Security Bypass
SNYK-JAVA-ORGAPACHEDERBY-32274		 org.apache.derby:derby:
10.13.1.1 -> 10.14.2.0
No No Known Exploit No Path Found
medium severity Improper Input Validation
SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058		 com.google.oauth-client:google-oauth-client:
1.30.3 -> 1.33.3
No No Known Exploit No Path Found
medium severity HTTP Request Smuggling
SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119		 Yes No Known Exploit No Path Found
medium severity Information Exposure
SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292		 Yes Proof of Concept No Path Found
medium severity Information Disclosure
SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939		 Yes No Known Exploit No Path Found
high severity Remote Code Execution (RCE)
SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637		 Yes No Known Exploit No Path Found
medium severity HTTP Request Smuggling
SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638		 Yes No Known Exploit No Path Found
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264		 Yes No Known Exploit No Path Found
medium severity Improper Input Validation
SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265		 Yes No Known Exploit No Path Found
medium severity HTTP Request Smuggling
SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266		 Yes No Known Exploit No Path Found
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268		 Yes Proof of Concept No Path Found
low severity Information Exposure
SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793		 Yes No Known Exploit No Path Found
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-451342		 No No Known Exploit No Path Found
high severity Remote Code Execution
SNYK-JAVA-ORGAPACHETOMCATEMBED-451343		 No Mature No Path Found
low severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-451458		 No Mature No Path Found
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-451459		 No No Known Exploit No Path Found
medium severity Open Redirect
SNYK-JAVA-ORGAPACHETOMCATEMBED-451503		 No Mature No Path Found
medium severity Information Exposure
SNYK-JAVA-ORGAPACHETOMCATEMBED-451504		 No No Known Exploit No Path Found
critical severity Insecure Defaults
SNYK-JAVA-ORGAPACHETOMCATEMBED-451505		 No No Known Exploit No Path Found
high severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-451508		 No No Known Exploit No Path Found
medium severity Directory Traversal
SNYK-JAVA-ORGAPACHETOMCATEMBED-451510		 No No Known Exploit No Path Found
medium severity Access Restriction Bypass
SNYK-JAVA-ORGAPACHETOMCATEMBED-451511		 No No Known Exploit No Path Found
high severity Arbitrary Code Execution
SNYK-JAVA-ORGAPACHETOMCATEMBED-451515		 No Mature No Path Found
low severity Session Fixation
SNYK-JAVA-ORGAPACHETOMCATEMBED-538488		 Yes No Known Exploit
high severity Remote Code Execution (RCE)
SNYK-JAVA-ORGAPACHETOMCATEMBED-570072		 Yes Mature
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGAPACHETOMCATEMBED-584427		 Yes No Known Exploit
high severity Information Disclosure
SNYK-JAVA-ORGCODEHAUSGROOVY-1048694		 Yes No Known Exploit
high severity Arbitrary Code Execution
SNYK-JAVA-ORGHIBERNATE-451605		 Yes No Known Exploit
medium severity Improper Input Validation
SNYK-JAVA-ORGHIBERNATE-568162		 Yes No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGHIBERNATE-569100		 Yes No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGOWASPANTISAMY-1320080		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGOWASPANTISAMY-2774681		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGOWASPANTISAMY-2774682		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGOWASPANTISAMY-31591		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGOWASPANTISAMY-598767		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit
low severity XML External Entity (XXE) Injection
SNYK-JAVA-ORGOWASPESAPI-1088594		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit
high severity Directory Traversal
SNYK-JAVA-ORGOWASPESAPI-2803305		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGOWASPESAPI-2805301		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit
high severity Improper Input Validation
SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832		 Yes No Known Exploit
medium severity Improper Output Neutralization for Logs
SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097		 Yes No Known Exploit
medium severity Improper Input Validation
SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878		 Yes No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828		 Yes No Known Exploit
critical severity Remote Code Execution
SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751		 Yes Mature
low severity Improper Handling of Case Sensitivity
SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634		 Yes Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313		 Yes No Known Exploit
medium severity Information Exposure
SNYK-JAVA-ORGSPRINGFRAMEWORK-31689		 No No Known Exploit
medium severity Multipart Content Pollution
SNYK-JAVA-ORGSPRINGFRAMEWORK-32199		 No No Known Exploit
medium severity Directory Traversal
SNYK-JAVA-ORGSPRINGFRAMEWORK-32202		 No No Known Exploit
medium severity Cross-Site Tracing (XST)
SNYK-JAVA-ORGSPRINGFRAMEWORK-451604		 No No Known Exploit
medium severity Multipart Content Pollution
SNYK-JAVA-ORGSPRINGFRAMEWORK-460644		 Yes No Known Exploit
medium severity Information Exposure
SNYK-JAVA-ORGSPRINGFRAMEWORK-467268		 No No Known Exploit
low severity Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORK-72470		 No No Known Exploit
high severity Insecure Temporary File
SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287		 Yes No Known Exploit
critical severity Arbitrary Code Execution
SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-32219		 No Mature
high severity Denial of Service (DoS)
SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-32231		 No No Known Exploit
high severity Access Restriction Bypass
SNYK-JAVA-ORGSPRINGFRAMEWORKLDAP-31584		 Yes No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-ORGYAML-537645		 Yes Proof of Concept
high severity Arbitrary Class Load
SNYK-JAVA-XALAN-31385		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JAVA-XERCES-31497		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No Mature
medium severity Denial of Service (DoS)
SNYK-JAVA-XERCES-32014		 org.owasp.esapi:esapi:
2.1.0.1 -> 2.3.0.0
No No Known Exploit

Vulnerabilities that could not be fixed

  • Upgrade:
    • Could not upgrade com.unboundid:unboundid-ldapsdk@3.2.1 to com.unboundid:unboundid-ldapsdk@4.0.5; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom
    • Could not upgrade mysql:mysql-connector-java@5.1.43 to mysql:mysql-connector-java@8.0.28; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom
    • Could not upgrade org.apache.tomcat.embed:tomcat-embed-jasper@8.5.16 to org.apache.tomcat.embed:tomcat-embed-jasper@8.5.78; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom
    • Could not upgrade org.springframework.boot:spring-boot-devtools@1.5.6.RELEASE to org.springframework.boot:spring-boot-devtools@2.5.13; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom
    • Could not upgrade org.springframework.boot:spring-boot-starter-actuator@1.5.6.RELEASE to org.springframework.boot:spring-boot-starter-actuator@2.0.0.RELEASE; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom
    • Could not upgrade org.springframework.boot:spring-boot-starter-data-ldap@1.5.6.RELEASE to org.springframework.boot:spring-boot-starter-data-ldap@2.7.1; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom
    • Could not upgrade org.springframework.boot:spring-boot-starter-jdbc@1.5.6.RELEASE to org.springframework.boot:spring-boot-starter-jdbc@2.5.14; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom
    • Could not upgrade org.springframework.boot:spring-boot-starter-mail@1.5.6.RELEASE to org.springframework.boot:spring-boot-starter-mail@2.5.14; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom
    • Could not upgrade org.springframework.boot:spring-boot-starter-thymeleaf@1.5.6.RELEASE to org.springframework.boot:spring-boot-starter-thymeleaf@2.0.0.RELEASE; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom
    • Could not upgrade org.springframework.boot:spring-boot-starter-tomcat@1.5.6.RELEASE to org.springframework.boot:spring-boot-starter-tomcat@2.5.13; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom
    • Could not upgrade org.springframework.boot:spring-boot-starter-web@1.5.6.RELEASE to org.springframework.boot:spring-boot-starter-web@2.5.14; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/1.5.6.RELEASE/spring-boot-dependencies-1.5.6.RELEASE.pom

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Denial of Service (DoS)
🦉 Denial of Service (DoS)
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: pom.xml to reduce vulnerabilities
4711f45 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-1726923
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-31407
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31573
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467014
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467015
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-467016
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469674
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-469676
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559106
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72445
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72446
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72447
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72448
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72449
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72450
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72882
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72883
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72884
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-2807808
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30401
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-31540
- https://snyk.io/vuln/SNYK-JAVA-COMUNBOUNDID-32143
- https://snyk.io/vuln/SNYK-JAVA-MYSQL-174574
- https://snyk.io/vuln/SNYK-JAVA-MYSQL-1766958
- https://snyk.io/vuln/SNYK-JAVA-MYSQL-2386864
- https://snyk.io/vuln/SNYK-JAVA-MYSQL-451464
- https://snyk.io/vuln/SNYK-JAVA-OGNL-30474
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEDERBY-32274
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728264
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728265
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728266
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1728268
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451342
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451343
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451458
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451459
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451503
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451504
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451505
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451508
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451510
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451511
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-451515
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-538488
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427
- https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSGROOVY-1048694
- https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-451605
- https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-568162
- https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-569100
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPANTISAMY-1320080
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPANTISAMY-2774681
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPANTISAMY-2774682
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPANTISAMY-31591
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPANTISAMY-598767
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPESAPI-1088594
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPESAPI-2803305
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPESAPI-2805301
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31689
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-32199
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-32202
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-451604
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-460644
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-467268
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-72470
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-2438287
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-32219
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKDATA-32231
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKLDAP-31584
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-537645
- https://snyk.io/vuln/SNYK-JAVA-XALAN-31385
- https://snyk.io/vuln/SNYK-JAVA-XERCES-31497
- https://snyk.io/vuln/SNYK-JAVA-XERCES-32014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@k-tamura @snyk-bot