Description
GitHub has detected a potential security vulnerability related to the Spring Framework version, and recommended the following fix to the `pom.xml` file:

```xml
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-core</artifactId>
    <version>[4.3.17,)</version>
</dependency>
```
Quoting the relevant section of the alert (the link does not seem to work, as of 23 Oct 2018):

> **CVE-2015-5211**
> high severity
> Vulnerable versions: > 4.2.0, < 4.2.2
> Patched version: 4.2.2
> Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions are vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
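Added example (not part of this issue or of the project): a small Python script that reads a `pom.xml`, finds the directly declared `spring-core` version and checks it both against the affected ranges quoted from the advisory and against the recommended Maven range `[4.3.17,)`. The sample `pom.xml`, the function names and the `audit` return shape are constructed for illustration; transitive dependencies are out of scope (use `mvn dependency:tree` for those).

```python
import re
import xml.etree.ElementTree as ET

# Inclusive ranges from the advisory text; anything older than 3.2.0 is "older unsupported".
AFFECTED = [((3, 2, 0), (3, 2, 14)), ((4, 0, 0), (4, 1, 7)), ((4, 2, 0), (4, 2, 1))]
OLDEST_LISTED = (3, 2, 0)

def parse_version(text):
    """'4.2.1.RELEASE' -> (4, 2, 1); trailing qualifiers such as RELEASE are ignored."""
    parts = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text).groups(default="0")
    return tuple(int(p) for p in parts)

def is_affected(version):
    v = parse_version(version)
    return v < OLDEST_LISTED or any(lo <= v <= hi for lo, hi in AFFECTED)

def satisfies_range(version, spec):
    """Minimal Maven version-range check: '[lo,)', '(lo,hi]', '[lo,hi]' and similar."""
    lo_br, lo, hi, hi_br = re.fullmatch(r"([\[(])([^,]*),([^\])]*)([\])])", spec.strip()).groups()
    v = parse_version(version)
    if lo and (v < parse_version(lo) or (lo_br == "(" and v == parse_version(lo))):
        return False
    if hi and (v > parse_version(hi) or (hi_br == ")" and v == parse_version(hi))):
        return False
    return True

_local = lambda tag: tag.rsplit("}", 1)[-1]  # strip the POM xmlns, if the file declares one

def spring_core_version(pom_xml):
    """Return the version string declared for org.springframework:spring-core, or None."""
    for dep in ET.fromstring(pom_xml).iter():
        if _local(dep.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if f.get("groupId") == "org.springframework" and f.get("artifactId") == "spring-core":
            return f.get("version")
    return None

def audit(pom_xml, recommended="[4.3.17,)"):
    """(declared version, affected by the advisory?, satisfies the recommended range?)."""
    v = spring_core_version(pom_xml)
    return (v, is_affected(v), satisfies_range(v, recommended)) if v else (None, None, None)

# Constructed sample pom.xml pinning a version inside the advisory's affected range.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>org.springframework</groupId><artifactId>spring-core</artifactId>
  <version>4.2.1.RELEASE</version></dependency></dependencies></project>"""

if __name__ == "__main__":
    print(audit(SAMPLE_POM))  # -> ('4.2.1.RELEASE', True, False)
```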