Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency org.springframework:spring-core to v5.3.27 [SECURITY] #46

Merged
merged 1 commit into from
Apr 25, 2023
Merged

Update dependency org.springframework:spring-core to v5.3.27 [SECURITY] #46

merged 1 commit into from
Apr 25, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 17, 2023
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.springframework:spring-core 5.3.26 -> 5.3.27 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-20863

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial-of-service (DoS) condition.

Release Notes

spring-projects/spring-framework

v5.3.27

Compare Source

⭐ New Features
  • Limit string concatenation in SpEL expressions #​30331
  • Limit SpEL expression length #​30329
  • Disable variable assignment in SimpleEvaluationContext #​30327
  • Introduce StringUtils.truncate() #​30291
  • Introduce ObjectUtils.nullSafeConciseToString() #​30287
  • Make HttpComponentsHeadersAdapter#getFirst nullable #​30269
🐞 Bug Fixes
  • Fix regression in ReactorServerHttpRequest related to IPV6 Zone id with "%" #​30314
  • SSE breaks with indenting serializer in WebMvc.fn #​30302
  • Increase max regex length in SpEL expressions #​30298
  • NullPointerException on timeout in HttpComponentsClientHttpConnector when using Apache HttpComponents #​30246
  • Wrong MockRestRequestMatchers.header() method in spring-test being invoked (JDK issue?) #​30235
  • TypeNotPresentException: org/springframework/cglib/proxy/NoOp not present on Java 17 #​30228
  • Refine generic type management in AbstractMessageWriterResultHandler #​30215
  • MvcUriComponentsBuilder.fromMethodCall breaks for controller with CharSequence return type #​30212
  • Handle all exceptions for stored proc output param retrieval in SharedEntityManagerCreator #​30164
📔 Documentation
  • Fix @PathVariable reference documentation code snippets #​30258
  • Fix example in Javadoc for @EnableWebSocket #​30187
  • Fix anchor in link to "Web on Reactive Stack" chapter #​30163
🔨 Dependency Upgrades

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@asafonov303 asafonov303 merged commit d36736b into main Apr 25, 2023
@asafonov303 asafonov303 deleted the renovate/maven-org.springframework-spring-core-vulnerability branch April 25, 2023 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@asafonov303