[80424] update spring-web dependency to 6.1.12 for addressing vulnera…

…bility CVE-2024-38809
eu-federation-gateway-service · Sep 3, 2024 · c14d278 · c14d278
1 parent e162d4b
commit c14d278
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -234,6 +234,15 @@
       <version>${logback.version}</version>
     </dependency>
 
+    <!-- Explicitly set dependency of spring-web to 6.1.12 in order to address vulnerability CVE-2024-38809.
+         This is a temporary solution, as the spring-cloud-starter-parent 2023.0.3 depends on the vulnerable version 6.1.10.
+         TODO: remove this dependency as soon as the spring-cloud-starter-parent is updated to a future version that address the vulnerability -->
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-web</artifactId>
+      <version>6.1.12</version>
+    </dependency>
+
     <!-- Test Dependencies -->
     <dependency>
       <groupId>org.springframework.boot</groupId>