Merge pull request #133 from reportportal/hotfix/5.11.1

Hotfix 5.11.1
reportportal · Apr 18, 2024 · 028a075 · 028a075
2 parents e7a9e5c + 3119b8d
commit 028a075
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/build.gradle b/build.gradle
@@ -53,7 +53,7 @@ processResources {
 ext['log4j2.version'] = '2.21.1'
 ext['log4j-to-slf4j.version'] = '2.21.1'
 //https://nvd.nist.gov/vuln/detail/CVE-2022-26520
-ext['postgresql.version'] = '42.6.0'
+ext['postgresql.version'] = '42.6.1'
 ext['snakeyaml.version'] = '1.33'
 //
 
@@ -67,6 +67,24 @@ dependencies {
     // https://mvnrepository.com/artifact/org.apache.commons/commons-lang3
     implementation 'org.apache.commons:commons-lang3:3.12.0'
 
+    // Fix CVE-2023-46589, CVE-2024-24549
+    implementation 'org.apache.tomcat.embed:tomcat-embed-core:9.0.86'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-el:9.0.86'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.86'
+
+    //Fix CVE-2023-6378, CVE-2023-6481, CVE-2023-6378, CVE-2023-6481
+    implementation 'ch.qos.logback:logback-classic:1.2.13'
+    implementation 'ch.qos.logback:logback-core:1.2.13'
+
+    //Fix CVE-2023-40827, CVE-2023-40828, CVE-2023-40826
+    implementation 'org.springframework:spring-webmvc:5.3.33'
+    implementation 'org.springframework:spring-web:5.3.33'
+
+    // Fix CVE-2024-25710, CVE-2024-26308
+    implementation 'org.apache.commons:commons-compress:1.26.0'
+
+    //Fix CVE-2023-34050
+    implementation 'org.springframework.amqp:spring-amqp:2.4.17'
 
     implementation 'org.springframework.boot:spring-boot-starter-aop'
     implementation 'org.springframework.boot:spring-boot-starter-actuator'