Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates example analytics-service to Spring Boot 3.1.6 fixing CVE-2023-34055 #3721

Merged
merged 1 commit into from
Nov 30, 2023
Merged

Updates example analytics-service to Spring Boot 3.1.6 fixing CVE-2023-34055 #3721

merged 1 commit into from
Nov 30, 2023

Conversation

dlvenable
Copy link
Member

@dlvenable dlvenable commented Nov 29, 2023
edited
Loading

Description

Spring Boot recently released a patch to fix a vulnerability. This PR updates the Spring Boot version to the one which mitigates the issue.

https://spring.io/security/cve-2023-34055

Also updates the Spring dependency management library to the latest version.

Issues Resolved

N/A

Resolves CVE-2023-34055.

Check List

  • New functionality includes testing.
  • New functionality has a documentation issue. Please link to it in this PR.
    • New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@dlvenable dlvenable merged commit 979a004 into opensearch-project:main Nov 30, 2023
51 checks passed
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Nov 30, 2023
Merged
opensearch-trigger-bot bot pushed a commit that referenced this pull request Nov 30, 2023
@dlvenable @github-actions
Updates the example analytics-service to Spring Boot 3.1.6 which fixes
957b3be 
…CVE-2023-34055. (#3721)

Signed-off-by: David Venable <[email protected]>
(cherry picked from commit 979a004)
dlvenable added a commit that referenced this pull request Dec 1, 2023
@opensearch-trigger-bot @dlvenable
Updates the example analytics-service to Spring Boot 3.1.6 which fixes
1a0d142 
…CVE-2023-34055. (#3721) (#3732)

Signed-off-by: David Venable <[email protected]>
(cherry picked from commit 979a004)

Co-authored-by: David Venable <[email protected]>
@dlvenable dlvenable deleted the fix-spring-boot-cve branch December 11, 2023 20:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kkondaka kkondaka kkondaka approved these changes

@asifsmohammed asifsmohammed asifsmohammed approved these changes

@chenqi0805 chenqi0805 Awaiting requested review from chenqi0805 chenqi0805 is a code owner

@engechas engechas Awaiting requested review from engechas engechas is a code owner

@graytaylor0 graytaylor0 Awaiting requested review from graytaylor0 graytaylor0 is a code owner

@dinujoh dinujoh Awaiting requested review from dinujoh dinujoh is a code owner

@oeyh oeyh Awaiting requested review from oeyh oeyh is a code owner

Assignees
No one assigned
Labels
backport 2.6
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dlvenable @asifsmohammed @kkondaka