Merge pull request #11 from cloudogu/feature/fix_cve_2022_22965

Fix CVE-2022-22965 by upgrading spring boot
nhinze23 2022-04-05 09:36:45 +02:00 committed by GitHub
commit b7814f6ef3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 2 deletions

CHANGELOG.md Normal file

@ -0,0 +1,10 @@
# spring-petclinic Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Fixed
- Upgrade spring boot to version 2.5.12 as a precaution to fix the [RCE CVE-2022-22965]( https://nvd.nist.gov/vuln/detail/CVE-2022-22965). The spring petclinic was generally not affected by this CVE as it runs with an embedded tomcat instead of a standalone version.
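
Review bot: The link in the new "Fixed" entry has a space after the opening parenthesis, `]( https://nvd.nist.gov/...`, which some Markdown renderers will not treat as a link; drop the space so the CVE reference stays clickable. The entry also gives only the target version. Naming the version being replaced (2.3.3.RELEASE in the pom change) would let a reader see at a glance that the upgrade spans more than a patch release. The "generally not affected" reasoning rests entirely on the embedded-Tomcat deployment, so it would help to state that as the assumed deployment mode rather than as a property of the project.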


@ -5,12 +5,12 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.samples</groupId>
<artifactId>spring-petclinic</artifactId>
<version>2.3.0.BUILD-SNAPSHOT</version>
<version>2.4.0.BUILD-SNAPSHOT</version>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.3.RELEASE</version>
<version>2.5.12</version>
</parent>
<name>petclinic</name>
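
Review bot: The parent moves from `<version>2.3.3.RELEASE</version>` to `<version>2.5.12</version>`, which crosses two Spring Boot minor lines, yet the changelog records it only as a precautionary fix. Please confirm the build and tests pass on 2.5.x and consider adding a "Changed" entry for the upgrade itself. Only the parent version is visible here, so also check that nothing elsewhere in the pom (for example a `spring-framework.version` property or an explicit dependency version) pins an older Spring Framework, since that would leave the CVE-2022-22965 fix ineffective; `mvn dependency:tree` shows the resolved version. The project version bump to 2.4.0.BUILD-SNAPSHOT is consistent with the changelog keeping the entry under [Unreleased].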