From 55bb267f9d238419e20444630df2be42bedb0f9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Wenzel?=
Date: Thu, 31 Mar 2022 16:16:09 +0200
Subject: [PATCH] CVE-2022-22965 - upgrade spring boot version
---
pom.xml | 2 +-
.../vault/config/GlobalControllerAdvice.java | 19 -------------------
2 files changed, 1 insertion(+), 20 deletions(-)
delete mode 100644 src/main/java/de/koudingspawn/vault/config/GlobalControllerAdvice.java
diff --git a/pom.xml b/pom.xml
index ab506b8..d74b045 100644
--- a/pom.xml
+++ b/pom.xml
@@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 2.5.11 + 2.5.12
diff --git a/src/main/java/de/koudingspawn/vault/config/GlobalControllerAdvice.java b/src/main/java/de/koudingspawn/vault/config/GlobalControllerAdvice.java
deleted file mode 100644
index 94e339d..0000000
--- a/src/main/java/de/koudingspawn/vault/config/GlobalControllerAdvice.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package de.koudingspawn.vault.config;
-
-import org.springframework.core.annotation.Order;
-import org.springframework.web.bind.WebDataBinder;
-import org.springframework.web.bind.annotation.ControllerAdvice;
-import org.springframework.web.bind.annotation.InitBinder;
-
-// https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
-@ControllerAdvice
-@Order(10000)
-public class GlobalControllerAdvice {
-
- @InitBinder
- public void setAllowedFields(WebDataBinder dataBinder) {
- String[] abd = new String[]{"class.*", "Class.*", "*.class.*", "*.Class.*"};
- dataBinder.setDisallowedFields(abd);
- }
-
-}
\ No newline at end of file