From 3374497a9ea8b518058a50181f5c13d23599e34c Mon Sep 17 00:00:00 2001 From: Adam Rauch Date: Tue, 20 May 2025 15:15:44 -0700 Subject: [PATCH 1/2] Upgrade Spring Framework to the latest version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index dd2259f713..f708a5f695 100644 --- a/gradle.properties +++ b/gradle.properties @@ -291,7 +291,7 @@ snappyJavaVersion=1.1.10.7 # Also, update apacheTomcatVersion above to match Spring Boot's Tomcat dependency version springBootVersion=3.4.5 # This usually matches the Spring Framework version dictated by springBootVersion -springVersion=6.2.6 +springVersion=6.2.7 sqliteJdbcVersion=3.49.1.0 From 909239637a3a5e9df2027c175874bb69512bf8d6 Mon Sep 17 00:00:00 2001 From: Adam Rauch Date: Tue, 20 May 2025 17:19:44 -0700 Subject: [PATCH 2/2] Force version on more spring jars --- server/embedded/build.gradle | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/server/embedded/build.gradle b/server/embedded/build.gradle index 943cf6b021..c3f44c42cf 100644 --- a/server/embedded/build.gradle +++ b/server/embedded/build.gradle @@ -43,11 +43,46 @@ dependencies { } // Allows forcing a Spring Framework version that differs from spring-boot's version (e.g., to address CVEs) + implementation('org.springframework:spring-aop') { + version { + strictly "${springVersion}" + } + } + implementation('org.springframework:spring-beans') { + version { + strictly "${springVersion}" + } + } + implementation('org.springframework:spring-context') { + version { + strictly "${springVersion}" + } + } + implementation('org.springframework:spring-core') { + version { + strictly "${springVersion}" + } + } + implementation('org.springframework:spring-expression') { + version { + strictly "${springVersion}" + } + } + implementation('org.springframework:spring-jcl') { + version { + strictly "${springVersion}" + } + } implementation('org.springframework:spring-web') { version { strictly "${springVersion}" } } + implementation('org.springframework:spring-webmvc') { + version { + strictly "${springVersion}" + } + } // Allows forcing a Tomcat version that differs from spring-boot's version (e.g., to address CVEs or regressions, // or to test a Tomcat release candidate)