Update dependency org.springframework.boot:spring-boot-starter-web - autoclosed #569

mend-for-jackfan.us.kg[bot]
This PR contains the following updates:

Package Update Change
org.springframework.boot:spring-boot-starter-web (source) major 1.5.17.RELEASE -> 2.0.0.M4
org.springframework.boot:spring-boot-starter-web (source) major 1.5.18.RELEASE -> 2.0.0.M4
org.springframework.boot:spring-boot-starter-web (source) minor 2.5.4 -> 2.6.0
org.springframework.boot:spring-boot-starter-web (source) minor 2.4.1 -> 2.5.8

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 10.0 CVE-2018-14721 #22
High 9.8 CVE-2016-1000027 #86
High 9.8 CVE-2018-14718 #69
High 9.8 CVE-2018-14719 #68
High 9.8 CVE-2018-14720 #20
High 9.8 CVE-2018-19360 #207
High 9.8 CVE-2018-19361 #205
High 9.8 CVE-2018-19362 #204
High 9.8 CVE-2019-10202 #247
High 9.8 CVE-2019-14379 #60
High 9.8 CVE-2019-14540 #297
High 9.8 CVE-2019-14892 #343
High 9.8 CVE-2019-14893 #341
High 9.8 CVE-2019-16335 #25
High 9.8 CVE-2019-16942 #331
High 9.8 CVE-2019-16943 #333
High 9.8 CVE-2019-17267 #146
High 9.8 CVE-2019-17531 #4
High 9.8 CVE-2019-20330 #219
High 9.8 CVE-2020-8840 #53
High 9.8 CVE-2020-9546 #345
High 9.8 CVE-2020-9547 #346
High 9.8 CVE-2020-9548 #347
High 9.8 CVE-2022-22965 #504
High 8.8 CVE-2020-10672 #175
High 8.8 CVE-2020-10673 #176
High 8.8 CVE-2020-10968 #96
High 8.8 CVE-2020-10969 #98
High 8.8 CVE-2020-11111 #248
High 8.8 CVE-2020-11112 #250
High 8.8 CVE-2020-11113 #249
High 8.1 CVE-2019-0232 #262
High 8.1 CVE-2020-11619 #144
High 8.1 CVE-2020-11620 #156
High 8.1 CVE-2020-14060 #56
High 8.1 CVE-2020-14061 #57
High 8.1 CVE-2020-14062 #58
High 8.1 CVE-2020-14195 #73
High 8.1 CVE-2020-24616 #209
High 8.1 CVE-2020-24750 #213
High 8.1 CVE-2020-35490 #326
High 8.1 CVE-2020-35491 #329
High 8.1 CVE-2020-35728 #188
High 8.1 CVE-2020-36179 #389
High 8.1 CVE-2020-36180 #41
High 8.1 CVE-2020-36181 #40
High 8.1 CVE-2020-36182 #43
High 8.1 CVE-2020-36183 #42
High 8.1 CVE-2020-36184 #47
High 8.1 CVE-2020-36185 #45
High 8.1 CVE-2020-36186 #49
High 8.1 CVE-2020-36187 #48
High 8.1 CVE-2020-36188 #37
High 8.1 CVE-2020-36189 #36
High 8.1 CVE-2021-20190 #163
High 7.8 CVE-2022-27772 #502
High 7.5 CVE-2019-0199 #360
High 7.5 CVE-2019-10072 #313
High 7.5 CVE-2019-12086 #3
High 7.5 CVE-2019-14439 #317
High 7.5 CVE-2019-17563 #123
High 7.5 CVE-2020-13934 #172
High 7.5 CVE-2020-13935 #173
High 7.5 CVE-2020-36518 #500
High 7.5 CVE-2021-25122 #376
High 7.5 CVE-2021-41079 #44
High 7.0 CVE-2020-9484 #244
High 7.0 CVE-2021-25329 #332
Medium 6.5 CVE-2020-5421 #129
Medium 6.5 CVE-2022-22950 #501
Medium 6.1 CVE-2019-0221 #254
Medium 5.9 CVE-2019-12384 #378
Medium 5.9 CVE-2019-12814 #151
Medium 5.9 CVE-2021-24122 #340
Medium 5.3 CVE-2021-33037 #114
Medium 4.8 CVE-2020-1935 #349
Medium 4.3 CVE-2020-13943 #179
Medium 4.3 CVE-2021-22096 #464

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.8 CVE-2016-1000027 #86
High 9.8 CVE-2018-14719 #68
High 9.8 CVE-2019-10202 #247
High 9.8 CVE-2019-14379 #60
High 9.8 CVE-2019-14540 #297
High 9.8 CVE-2019-14892 #343
High 9.8 CVE-2019-14893 #341
High 9.8 CVE-2019-16335 #25
High 9.8 CVE-2019-16942 #331
High 9.8 CVE-2019-16943 #333
High 9.8 CVE-2019-17267 #146
High 9.8 CVE-2019-17531 #4
High 9.8 CVE-2019-20330 #219
High 9.8 CVE-2020-8840 #53
High 9.8 CVE-2020-9546 #345
High 9.8 CVE-2020-9547 #346
High 9.8 CVE-2020-9548 #347
High 9.8 CVE-2022-22965 #504
High 8.8 CVE-2020-10672 #175
High 8.8 CVE-2020-10673 #176
High 8.8 CVE-2020-10968 #96
High 8.8 CVE-2020-10969 #98
High 8.8 CVE-2020-11111 #248
High 8.8 CVE-2020-11112 #250
High 8.8 CVE-2020-11113 #249
High 8.1 CVE-2020-11619 #144
High 8.1 CVE-2020-11620 #156
High 8.1 CVE-2020-14060 #56
High 8.1 CVE-2020-14061 #57
High 8.1 CVE-2020-14062 #58
High 8.1 CVE-2020-14195 #73
High 8.1 CVE-2020-24616 #209
High 8.1 CVE-2020-24750 #213
High 8.1 CVE-2020-35490 #326
High 8.1 CVE-2020-35491 #329
High 8.1 CVE-2020-35728 #188
High 8.1 CVE-2020-36179 #389
High 8.1 CVE-2020-36180 #41
High 8.1 CVE-2020-36181 #40
High 8.1 CVE-2020-36182 #43
High 8.1 CVE-2020-36183 #42
High 8.1 CVE-2020-36184 #47
High 8.1 CVE-2020-36185 #45
High 8.1 CVE-2020-36186 #49
High 8.1 CVE-2020-36187 #48
High 8.1 CVE-2020-36188 #37
High 8.1 CVE-2020-36189 #36
High 8.1 CVE-2021-20190 #163
High 7.8 CVE-2022-27772 #502
High 7.5 CVE-2019-12086 #3
High 7.5 CVE-2019-14439 #317
High 7.5 CVE-2020-36518 #500
Medium 6.5 CVE-2020-5421 #129
Medium 5.9 CVE-2019-12384 #378
Medium 5.9 CVE-2019-12814 #151
Medium 5.9 WS-2021-0616 #487
Medium 4.3 CVE-2021-22096 #464

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.8 CVE-2017-5929 #201
High 8.1 CVE-2019-0232 #262
High 7.5 CVE-2019-0199 #360
High 7.5 CVE-2019-10072 #313
High 7.5 CVE-2019-17563 #123
High 7.5 CVE-2020-11996 #170
High 7.5 CVE-2020-13934 #172
High 7.5 CVE-2020-13935 #173
High 7.5 CVE-2021-25122 #376
High 7.5 CVE-2021-41079 #44
High 7.0 CVE-2020-9484 #244
High 7.0 CVE-2021-25329 #332
Medium 6.6 CVE-2021-42550 #475
Medium 6.1 CVE-2019-0221 #254
Medium 5.9 CVE-2021-24122 #340
Medium 5.3 CVE-2021-33037 #114
Medium 4.8 CVE-2020-1935 #349
Medium 4.3 CVE-2020-13943 #179
Medium 4.3 CVE-2021-22096 #464

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Medium 6.5 CVE-2022-22950 #501

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.8 CVE-2022-22965 #504
High 7.5 CVE-2020-36518 #500
Medium 6.6 CVE-2021-42550 #475
Medium 6.5 CVE-2022-22950 #501
Medium 4.3 CVE-2021-22060 #480
Medium 4.3 CVE-2021-22096 #464

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 7.8 CVE-2021-22118 #79
High 7.5 CVE-2021-25122 #376
High 7.5 CVE-2021-41079 #44
High 7.0 CVE-2021-25329 #332
Medium 5.3 CVE-2021-33037 #114
Medium 4.3 CVE-2021-22060 #480
Medium 4.3 CVE-2021-22096 #464

Release Notes

spring-projects/spring-boot

v1.5.22.RELEASE

🪲 Bug Fixes

  • Embedded MongoDB uses HTTP rather than HTTPS by default to download Mongo binaries #​17191
  • spring-boot-dependencies manages jetty-infinispan which no longer exists #​16925

📔 Documentation

  • Link to Apache Licence from Maven Plugin docs rather than embedding it #​17317
  • Improve javadoc of management server port #​17068
  • Fix persistent session property name #​16894
  • Correct expansion of jOOQ in the reference docs #​16879

🔨 Dependency Upgrades

  • Upgrade to Mysql 5.1.48 #​17783
  • Upgrade to Spring Security Oauth 2.0.18.RELEASE #​17671
  • Upgrade to Spring Security 4.2.13.RELEASE #​17670
  • Upgrade to Spring Cloud Connectors 1.2.9.RELEASE #​17669
  • Upgrade to Jetty 9.4.19.v20190610 #​17668
  • Upgrade to Tomcat 8.5.43 #​17667
  • Upgrade to Httpclient 4.5.9 #​17666
  • Upgrade to Appengine Sdk 1.9.76 #​17665
  • Upgrade to Spring Integration 4.3.21 #​17642
  • Upgrade to Spring AMQP 1.7.14 #​17640
  • Upgrade to spring-javaformat 0.0.15 #​17359
  • Upgrade to Spring Data Ingalls-SR23 #​17352
  • Upgrade to Spring Framework 4.3.25 #​17221
  • Upgrade to Dependency Management Plugin 1.0.8.RELEASE #​17149

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.21.RELEASE

🪲 Bug Fixes

  • Some syntax in the reference documentation is not highlighted or is missing altogether #​16548

📔 Documentation

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.20.RELEASE

🪲 Bug Fixes

  • Permit use of @JsonTest without Jackson #​16070
  • When unzipping, spring init may write zip entries outside the specified output location #​16028
  • Tomcat does not create temporary directory used to store file uploads when it does not exist #​9616

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v1.5.19.RELEASE

🔨 Dependency Upgrades

v1.5.18.RELEASE

⭐ New Features

  • Update the homepage in the homebrew formula to avoid a redirect #​14851

🪲 Bug Fixes

  • AnnotationsPropertySource can throw a NPE when javax meta-annotations are present #​15175
  • Allow early ServletRequest Autowiring with embedded containers #​14990

📔 Documentation

  • Document launcher's use of temp directory for libraries that require unpacking #​15180
  • Fixed typo in Maven Site doc #​15176

🔨 Dependency Upgrades

  • Upgrade to Spring Data Ingalls-SR17 #​15305
  • Upgrade to Jackson 2.8.11.20181123 #​15289
  • Upgrade to Spring Security 4.2.10 #​15255
  • Upgrade to Spring Session 1.3.4.RELEASE #​15242
  • Upgrade to Spring Integration 4.3.18.RELEASE #​15241
  • Upgrade to Spring Cloud Connectors 1.2.7.RELEASE #​15240
  • Upgrade to Tomcat 8.5.35 #​15238
  • Upgrade to Appengine Sdk 1.9.68 #​15236
  • Upgrade to Spring Framework 4.3.21 #​15188
  • Upgrade to Appengine Sdk 1.9.67 #​14955

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

mend-for-jackfan.us.kg bot added the "security fix" label (Security fix generated by WhiteSource) on Apr 18, 2022
mend-for-jackfan.us.kg bot changed the title from "Update dependency org.springframework.boot:spring-boot-starter-web" to "Update dependency org.springframework.boot:spring-boot-starter-web - autoclosed" on Apr 25, 2022
mend-for-jackfan.us.kg bot deleted the whitesource-remediate/org.springframework.boot-spring-boot-starter-web-2.x branch on April 25, 2022 03:41