Update Spring to 5.3.18 #3763

Closed
abrokenjester opened this issue Apr 2, 2022 · 0 comments · Fixed by #3764

Labels: 🐞 bug, security

abrokenjester commented Apr 2, 2022

Current Behavior

Current version of Spring used by RDF4J is 5.3.14, which is potentially vulnerable to CVE-2022-22965 ("Spring4Shell").

Expected Behavior

Update to Spring 5.3.18, which includes fix spring-projects/spring-framework#28261, addressing the vulnerability in the classloader.

Steps To Reproduce

No response

Version

3.7.6

Are you interested in contributing a solution yourself?

Yes

Anything else?

No response

@abrokenjester abrokenjester added this to the 3.7.7 milestone Apr 2, 2022
@abrokenjester abrokenjester self-assigned this Apr 2, 2022
@github-actions github-actions bot added this to 📥 Inbox in Project Progress Apr 2, 2022
@abrokenjester abrokenjester moved this from 📥 Inbox to 🚧 In progress in Project Progress Apr 2, 2022
abrokenjester added a commit that referenced this issue Apr 2, 2022
Project Progress automation moved this from 🚧 In progress to 🥳 Done Apr 2, 2022
abrokenjester added a commit that referenced this issue Apr 2, 2022
patrickwyler pushed a commit to patrickwyler/rdf4j that referenced this issue Jun 20, 2022
patrickwyler pushed a commit to patrickwyler/rdf4j that referenced this issue Jun 20, 2022