You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@servicecomb.apache.org by ni...@apache.org on 2022/04/02 00:50:26 UTC

[servicecomb-pack] 01/01: SCB-2438 Upgrade the spring framework version to 5.2.20

This is an automated email from the ASF dual-hosted git repository.

ningjiang pushed a commit to branch SCB-2438
in repository https://gitbox.apache.org/repos/asf/servicecomb-pack.git

commit f44a643e93d4ec535530a98cf5e9e7e6b97148a8
Author: Willem Jiang <wi...@gmail.com>
AuthorDate: Sat Apr 2 08:50:06 2022 +0800

    SCB-2438 Upgrade the spring framework version to 5.2.20
---
 pack-dependencies/pom.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pack-dependencies/pom.xml b/pack-dependencies/pom.xml
index ba7e04a..8b57a99 100644
--- a/pack-dependencies/pom.xml
+++ b/pack-dependencies/pom.xml
@@ -48,6 +48,9 @@
     <spring.cloud.stream.version>3.0.13.RELEASE</spring.cloud.stream.version>
     <spring.cloud.function.version>3.0.14.RELEASE</spring.cloud.function.version>
 
+    <!-- specify the spring-framework version for cve-2022-22965 -->
+    <spring-framework.version>5.2.20.RELEASE</spring-framework.version>
+
     <!-- akka fsm -->
     <akka.version>2.5.32</akka.version>
     <alpakka.version>1.0.5</alpakka.version>
@@ -116,6 +119,13 @@
     <dependencies>
       <!-- import dependencies -->
       <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-framework-bom</artifactId>
+        <version>${spring-framework.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-dependencies</artifactId>
         <version>${spring.boot.version}</version>