Skip to content

9.8.0 security fixes #1423

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Oct 16, 2025
Merged

9.8.0 security fixes #1423

merged 8 commits into from
Oct 16, 2025

Conversation

@cmark
Copy link
Member

@cmark cmark commented Oct 15, 2025
edited
Loading

cmark added 2 commits October 15, 2025 19:15
@cmark
fix(tp): bump swagger-core libs to 2.2.36
bd33c2c
@cmark
fix(api): resolve security issues by bumping Spring libraries to...
4f15e1d 
...their respective latest patch versions

Namely bump
- Spring to 6.2.11
- Spring Security to 6.5.5
- Spring Boot to 3.5.6
- SpringDoc to 2.8.13
- Swagger Core to 2.2.36

This commit fixes the following security issues:
- CVE-2025-41248
- CVE-2025-41249
- CVE-2025-41242
@cmark cmark requested review from apeteri and nagyo October 15, 2025 17:27
@cmark cmark self-assigned this Oct 15, 2025
@cmark cmark added the security label Oct 15, 2025
@codecov
Copy link

codecov bot commented Oct 15, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.42%. Comparing base (70dbfb3) to head (29381fa).
⚠️ Report is 15 commits behind head on 9.x.

Additional details and impacted files 
@@             Coverage Diff              @@
##                9.x    #1423      +/-   ##
============================================
- Coverage     64.42%   64.42%   -0.01%     
+ Complexity    12806    12805       -1     
============================================
  Files          1620     1620              
  Lines         57803    57808       +5     
  Branches       5685     5685              
============================================
+ Hits          37242    37243       +1     
- Misses        18191    18194       +3     
- Partials       2370     2371       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

nagyo
nagyo approved these changes Oct 16, 2025
View reviewed changes
Copy link
Member

@nagyo nagyo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@cmark cmark requested review from AAAlinaaa and adamfilep October 16, 2025 07:46
@cmark cmark merged commit d3deb8d into 9.x Oct 16, 2025
5 checks passed
@cmark cmark deleted the issue/9.8.0-security-fixes branch October 16, 2025 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nagyo nagyo nagyo approved these changes

@AAAlinaaa AAAlinaaa AAAlinaaa approved these changes

@apeteri apeteri Awaiting requested review from apeteri

@adamfilep adamfilep Awaiting requested review from adamfilep

Assignees

@cmark cmark

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cmark @nagyo @AAAlinaaa