
Update dependency org.springframework.boot:spring-boot-starter-webflux to v2.2.0.RELEASE - abandoned #616

Open: wants to merge 1 commit into base: master


@mend-for-jackfan.us.kg mend-for-jackfan.us.kg bot commented May 5, 2022

This PR contains the following updates:

| Package | Update | Change |
| --- | --- | --- |
| org.springframework.boot:spring-boot-starter-webflux (source) | minor | 2.0.0.RELEASE -> 2.2.0.RELEASE |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
| --- | --- | --- | --- |
| High | 10.0 | CVE-2018-14721 | #22 |
| High | 9.8 | CVE-2018-11307 | #193 |
| High | 9.8 | CVE-2018-14718 | #69 |
| High | 9.8 | CVE-2018-14719 | #68 |
| High | 9.8 | CVE-2018-14720 | #20 |
| High | 9.8 | CVE-2018-19360 | #207 |
| High | 9.8 | CVE-2018-19361 | #205 |
| High | 9.8 | CVE-2018-19362 | #204 |
| High | 9.8 | CVE-2018-7489 | #296 |
| High | 9.8 | CVE-2019-10202 | #247 |
| High | 9.8 | CVE-2019-14379 | #60 |
| High | 9.8 | CVE-2019-14540 | #297 |
| High | 9.8 | CVE-2019-14892 | #343 |
| High | 9.8 | CVE-2019-14893 | #341 |
| High | 9.8 | CVE-2019-16335 | #25 |
| High | 9.8 | CVE-2019-16942 | #331 |
| High | 9.8 | CVE-2019-16943 | #333 |
| High | 9.8 | CVE-2019-17267 | #146 |
| High | 9.8 | CVE-2019-17531 | #4 |
| High | 9.8 | CVE-2019-20330 | #219 |
| High | 9.8 | CVE-2020-8840 | #53 |
| High | 9.8 | CVE-2020-9546 | #345 |
| High | 9.8 | CVE-2020-9547 | #346 |
| High | 9.8 | CVE-2020-9548 | #347 |
| High | 8.8 | CVE-2020-10672 | #175 |
| High | 8.8 | CVE-2020-10673 | #176 |
| High | 8.8 | CVE-2020-10968 | #96 |
| High | 8.8 | CVE-2020-10969 | #98 |
| High | 8.8 | CVE-2020-11111 | #248 |
| High | 8.8 | CVE-2020-11112 | #250 |
| High | 8.8 | CVE-2020-11113 | #249 |
| High | 8.1 | CVE-2020-11619 | #144 |
| High | 8.1 | CVE-2020-11620 | #156 |
| High | 8.1 | CVE-2020-14060 | #56 |
| High | 8.1 | CVE-2020-14061 | #57 |
| High | 8.1 | CVE-2020-14062 | #58 |
| High | 8.1 | CVE-2020-14195 | #73 |
| High | 8.1 | CVE-2020-24616 | #209 |
| High | 8.1 | CVE-2020-24750 | #213 |
| High | 8.1 | CVE-2020-35490 | #326 |
| High | 8.1 | CVE-2020-35491 | #329 |
| High | 8.1 | CVE-2020-35728 | #188 |
| High | 8.1 | CVE-2020-36179 | #389 |
| High | 8.1 | CVE-2020-36180 | #41 |
| High | 8.1 | CVE-2020-36181 | #40 |
| High | 8.1 | CVE-2020-36182 | #43 |
| High | 8.1 | CVE-2020-36183 | #42 |
| High | 8.1 | CVE-2020-36184 | #47 |
| High | 8.1 | CVE-2020-36185 | #45 |
| High | 8.1 | CVE-2020-36186 | #49 |
| High | 8.1 | CVE-2020-36187 | #48 |
| High | 8.1 | CVE-2020-36188 | #37 |
| High | 8.1 | CVE-2020-36189 | #36 |
| High | 8.1 | CVE-2021-20190 | #163 |
| High | 7.5 | CVE-2018-12022 | #308 |
| High | 7.5 | CVE-2018-12023 | #309 |
| High | 7.5 | CVE-2019-12086 | #3 |
| High | 7.5 | CVE-2019-14439 | #317 |
| High | 7.5 | CVE-2020-25649 | #268 |
| Medium | 6.5 | CVE-2018-1000873 | #199 |
| Medium | 6.1 | CVE-2019-10219 | #255 |
| Medium | 5.9 | CVE-2019-12384 | #378 |
| Medium | 5.9 | CVE-2019-12814 | #151 |
| Medium | 5.3 | CVE-2020-10693 | #192 |

Release Notes

spring-projects/spring-boot

v2.2.0.RELEASE

⭐ New Features

🪲 Bug Fixes

  • Deprecate server.connection-timeout and create server-specific configuration keys #​18618
  • LegacyReactiveHealthEndpointCompatibilityConfiguration activates in non-reactive application #​18571
  • DevTools does not correctly handle encoded URLs found in the Class-Path manifest attribute #​18502
  • @​ConfigurationProperties does not work on @​Bean methods in auto-configuration classes when metadata caching is disabled on the bean factory #​18440

📔 Documentation

  • Clarify scope of "@​SpringBootTest#classes" #​18603
  • Document spring.main.register-shutdown-hook #​18588
  • Document formatting recommendations for configuration property javadoc #​18587
  • Update Kotlin reference documentation #​18573
  • Fix incorrect backslash escape for curly braces inside of Java code blocks #​18567
  • Fix package in AOP pointcut #​18558
  • Document the need to provide a SecurityWebFilterChain or WebSecurityConfigurerAdapter when using multiple OAuth 2 security components #​18507
  • Add some more notes on running exploded jar files #​18477
  • Clarify that httptrace and auditevents endpoints are enabled by default but that each requires an additional component for them to be auto-configured #​18352

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.1.18.RELEASE

🪲 Bug Fixes

  • @ConfigurationPropertiesBinding does not apply Formatter beans #​23576

📔 Documentation

  • Add upgrading section to reference docs with a link to the wiki #​23529

🔨 Dependency Upgrades

v2.1.17.RELEASE

🪲 Bug Fixes

  • Signed jar dependency performance problem when repackaged in a single jar #​19041

📔 Documentation

  • Fix broken links to Micrometer registry docs #​22704

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.1.16.RELEASE

🪲 Bug Fixes

  • NullPointerException in ErrorPageFilter when a MissingServletRequestParameterException is thrown and there's no DefaultHandlerExceptionResolver #​22169

📔 Documentation

  • Update the documentation to avoid trivialising what the reader's learning about #​22408

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.1.15.RELEASE

⭐ New Features

  • Restrict use of custom YAML types #​21596

🪲 Bug Fixes

  • Spring Boot CLI adds classes from current directory to the classpath on Unix-like platforms #​19910

📔 Documentation

  • Replace whitelist with a term that does not have racist connotations #​21737
  • Use https to link to groovy-lang.org #​21466
  • Document use case of splitting auto-configuration and starter #​20686
  • Document the difference in dispatch type and the effect on the security filter caused by the error page filter when deployed to a standalone container #​19293
  • Document support for Gradle 5 #​15358

🔨 Dependency Upgrades

v2.1.14.RELEASE

⭐ New Features

  • Throw exception if spring.config.location uses classpath*: #​21168

🪲 Bug Fixes

  • Classpath wildcards cannot be used with Java 11 or above #​21312
  • JarFiles are being left open #​21177
  • WelcomePageHandlerMapping does not honor CORS #​21048
  • Endpoint exposure patterns do not work with dashed IDs #​20997
  • Embedded database initial failed for setting empty spring.database.url #​20996
  • Cassandra health indicator never reports version attribute #​20719
  • ReactiveCassandraHealthIndicator runs a query that fails on some Consistency Levels #​20713
  • CassandraHealthIndicator runs a query that fails on some Consistency Levels #​20709
  • ApplicationHome does not work correctly with paths that contain spaces #​20531
  • Unresolvable placeholder in the value of spring.datasource.url causes a startup failure even when there is a user-provided DataSource bean #​20438
  • DependencyCustomizer ifAllResourcesPresent adds modules if any resources are present #​20418
  • TomcatReactiveWebServerFactory does not call getTomcatWebServer to create the TomcatWebServer #​20386
  • Credentials of cloudfoundry service cannot be resolved anymore #​20343
  • PortInUseException thrown when Netty does not have the right to use configured port #​19807
  • KafkaAutoConfiguration should back off when a bean of type ConcurrentKafkaListenerContainerFactory is found #​19221
  • Fat jars cause classloading problems with JDK11 and Security Manager #​17796

📔 Documentation

  • Link to correct factory in TomcatReactiveWebServerFactory's javadoc #​20583
  • Improve documentation around relaxed binding, @​Value, and the canonical form of properties #​20507
  • Document devtool property file profile restrictions #​19972
  • Document that actuator over HTTP requires Jackson #​19564
  • Add "Health as Gauge" how-to documentation #​18329
  • Document relaxed binding from environment variables #​18215

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.1.13.RELEASE

🪲 Bug Fixes

  • BuildInfo task not run in Gradle project when project's version number changes #​20135
  • Binding to collection fails with unbound elements error if collection overridden in another property source with smaller number of elements #​20134
  • Jetty logs a custom context path incorrectly when compression is enabled #​19969
  • Spring Webflux ignores message of custom exception when annotated with @​ResponseStatus #​19901
  • TomcatMetrics does not clean up properly when the application context is closed #​19880
  • Using @​ActiveProfiles with @​SpringBootTest now adds to the profiles configured using spring.profiles.active rather than overriding them #​19788
  • No error message when server.ssl.keyAlias doesn't match an entry #​19202
  • DataSource url property is ignored when there is no connection pool #​19192
  • JSON keys containing a dot from CF environment are not handled as a single path segment #​18915

📔 Documentation

  • Fix Gradle plugin documentation links #​19961
  • Fix typo in configuration metadata appendix #​19956
  • Update documentation on excluding an auto-configuration to recommend exclude on SpringBootApplication #​19855
  • Document how to register a blocking health contributor with the reactive registry #​19707

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.1.12.RELEASE

🪲 Bug Fixes

  • PoolingDataSourceBean getParentLogger throws StackOverflowError #​19637
  • Fat jars do not tolerate entries with an invalid modification date of 0 #​19595
  • Profile with comma in name does not work in tests #​19556
  • Spring Boot's antlib references a properties file that is no longer packaged in its jar #​19552
  • Make equality checks defensive to null reference #​19540
  • Incorrect target type with wildcard List #​18767

📔 Documentation

  • Fix links to external types in javadoc #​19581
  • Fix typo in BindHandler#onFinish javadoc #​19492
  • Polish note about handling of caches that are created on-the-fly #​19491
  • Clarify the behaviour of @​CacheConfig with respect to on-the-fly cache creation and cache metrics #​19412
  • Fix typo on ConditionMessage #​19354
  • Link consistently to Tomcat 9.0 docs #​19340
  • Fix link to Vaadin Spring Boot starter #​19338
  • Clarify non-public nature of Boot's own @ConfigurationProperties classes and multi-DataSource example #19199
  • Clarify documentation of repackage mojo's attach property #​19021
  • Improve "Running Behind a Front-end Proxy Server" documentation #​15046

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.1.11.RELEASE

🪲 Bug Fixes

  • server.ssl.key-alias is ignored when configuring Netty #​19197
  • Liquibase actuator endpoint does not give correct information when multiple databases are used in one project #​19171
  • ssl.enabled is ignored when Rabbit is configured with an address with no protocol #​19109
  • Use DeferredLog in CloudFoundryVcapEnvironmentPostProcessor #​19027
  • @​SpyBean (MockitoPostProcessor) tries to initialize @​StepScope Bean out of scope #​19020
  • HealthWebEndpointMapper should expose details if right authority present #​18998
  • Spring Boot - Maven Plugin shutdown broken #​18936
  • BasicJsonParser does not handle whitespace between [ and { correctly #​18911
  • @​ServletComponentScan does not work with a component index #​18910

📔 Documentation

  • Add missing health indicators to docs #​19149
  • Incorrect Javadoc regarding default Tomcat async request timeout #​19057
  • Fix syntax error in configuration metadata sample in docs #​19028
  • Document logging of startup info #​19026
  • Clarify contradictory advice on the use of @PropertySource #​18900
  • Document the property configuration of the auto-configured EntityManagerFactoryBuilder #​15361

🔨 Dependency Upgrades

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

v2.1.10.RELEASE

⭐ New Features

  • Support amqps:// URIs in spring.rabbitmq.addresses #​18808

🪲 Bug Fixes

  • Failure analysis description for BeanDefinitionOverrideExceptions includes useless information when a bean definition has no resource description #​18721
  • Rename max-http-post-size server property #​18566
  • Deprecate server.connection-timeout and create server-specific configuration keys #​18473
  • DevTools does not correctly handle encoded URLs found in the Class-Path manifest attribute #​18410
  • Recursive property in @ConfigurationProperties causes java.lang.StackOverflowError when generating metadata #​18365
  • Dependency relationships created by AbstractDependsOnBeanFactoryPostProcessors cannot be overridden #​18362
  • Endpoint filter configured on an endpoint's super-class has no effect #​17866

📔 Documentation

@mend-for-jackfan.us.kg mend-for-jackfan.us.kg bot added the security fix Security fix generated by WhiteSource label May 5, 2022
@mend-for-jackfan.us.kg mend-for-jackfan.us.kg bot force-pushed the whitesource-remediate/org.springframework.boot-spring-boot-starter-webflux-2.x branch from 1e73fcd to 396c04b Compare May 15, 2022 14:50
@mend-for-jackfan.us.kg mend-for-jackfan.us.kg bot changed the title Update dependency org.springframework.boot:spring-boot-starter-webflux to v2.6.0 Update dependency org.springframework.boot:spring-boot-starter-webflux to v2.2.0.RELEASE May 15, 2022
@mend-for-jackfan.us.kg mend-for-jackfan.us.kg bot changed the title Update dependency org.springframework.boot:spring-boot-starter-webflux to v2.2.0.RELEASE Update dependency org.springframework.boot:spring-boot-starter-webflux to v2.2.0.RELEASE - abandoned Jun 20, 2023
@mend-for-jackfan.us.kg (Author)

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.
