You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicecomb.apache.org by ni...@apache.org on 2022/04/02 00:50:26 UTC
[servicecomb-pack] 01/01: SCB-2438 Upgrade the spring framework version to 5.2.20
This is an automated email from the ASF dual-hosted git repository.
ningjiang pushed a commit to branch SCB-2438
in repository https://gitbox.apache.org/repos/asf/servicecomb-pack.git
commit f44a643e93d4ec535530a98cf5e9e7e6b97148a8
Author: Willem Jiang <wi...@gmail.com>
AuthorDate: Sat Apr 2 08:50:06 2022 +0800
SCB-2438 Upgrade the spring framework version to 5.2.20
---
pack-dependencies/pom.xml | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/pack-dependencies/pom.xml b/pack-dependencies/pom.xml
index ba7e04a..8b57a99 100644
--- a/pack-dependencies/pom.xml
+++ b/pack-dependencies/pom.xml
@@ -48,6 +48,9 @@
<spring.cloud.stream.version>3.0.13.RELEASE</spring.cloud.stream.version>
<spring.cloud.function.version>3.0.14.RELEASE</spring.cloud.function.version>
+ <!-- specify the spring-framework version for cve-2022-22965 -->
+ <spring-framework.version>5.2.20.RELEASE</spring-framework.version>
+
<!-- akka fsm -->
<akka.version>2.5.32</akka.version>
<alpakka.version>1.0.5</alpakka.version>
@@ -116,6 +119,13 @@
<dependencies>
<!-- import dependencies -->
<dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-framework-bom</artifactId>
+ <version>${spring-framework.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>${spring.boot.version}</version>