Merge pull request #137 from catenax-ng/A1IDSES-1586_security_fix

[Fix|SDF] : Fixed the CVE-2024-22262
eclipse-tractusx · May 13, 2024 · 3c50313 · 3c50313
2 parents 9d93b21 + 6edbd0a
commit 3c50313
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,8 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 ## [Unreleased]
+### Fixed
+- Fixed the CVE-2024-22262 springframework URL Parsing with Host Validation security issue
 
 ## [2.1.11] - 2024-05-02
 ### Fixed

diff --git a/DEPENDENCIES b/DEPENDENCIES
@@ -108,7 +108,7 @@ maven/mavencentral/org.springframework/spring-context/6.1.4, Apache-2.0, approve
 maven/mavencentral/org.springframework/spring-core/6.1.4, Apache-2.0 AND BSD-3-Clause, approved, #11750
 maven/mavencentral/org.springframework/spring-expression/6.1.4, Apache-2.0, approved, #11747
 maven/mavencentral/org.springframework/spring-jcl/6.1.4, Apache-2.0, approved, #11749
-maven/mavencentral/org.springframework/spring-web/6.1.5, Apache-2.0, approved, #11748
+maven/mavencentral/org.springframework/spring-web/6.1.6, Apache-2.0, approved, #11748
 maven/mavencentral/org.springframework/spring-webmvc/6.1.4, Apache-2.0, approved, #11879
 maven/mavencentral/org.web3j/abi/5.0.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.web3j/crypto/5.0.0, Apache-2.0, approved, clearlydefined

diff --git a/pom.xml b/pom.xml
@@ -164,7 +164,7 @@
             <dependency>
                 <groupId>org.springframework</groupId>
                 <artifactId>spring-web</artifactId>
-                <version>6.1.5</version>
+                <version>6.1.6</version>
             </dependency>
             <dependency>
                 <groupId>org.springframework.security</groupId>