This is an automated email from the ASF dual-hosted git repository. adamsaghy pushed a commit to branch release/1.13.0 in repository https://gitbox.apache.org/repos/asf/fineract.git
commit 8ee415770c38fe6b69db974f829b70cdec72e8d5 Author: Adam Saghy <[email protected]> AuthorDate: Tue Oct 7 14:05:16 2025 +0200 FINERACT-2326: Upgrade dependencies --- .../main/groovy/org.apache.fineract.dependencies.gradle | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle b/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle
index 2f682717cf..c4677a432d 100644
--- a/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle
+++ b/buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle
@@ -63,7 +63,7 @@ dependencyManagement {
 exclude 'com.sun.mail:javax.mail'
 exclude 'javax.activation:activation'
 }
- dependency 'commons-io:commons-io:2.17.0'
+ dependency 'commons-io:commons-io:2.18.0'
 dependency 'com.github.librepdf:openpdf:2.0.3'
 dependency ('org.mnode.ical4j:ical4j:3.2.19') {
 exclude 'com.sun.mail:javax.mail'
@@ -125,7 +125,6 @@ dependencyManagement {
 dependency 'io.github.classgraph:classgraph:4.8.179'
 dependency 'org.awaitility:awaitility:4.2.2'
- // TODO: upgrade to 4.8.3
 dependency 'com.github.spotbugs:spotbugs-annotations:4.8.6'
 dependency 'javax.cache:cache-api:1.1.1'
 dependency 'org.mock-server:mockserver-junit-jupiter:5.15.0'
@@ -234,9 +233,6 @@ dependencyManagement {
 exclude 'org.slf4j:jcl-over-slf4j'
 exclude 'org.slf4j:slf4j-api'
 }
-
- //v42.7.5: performance issue: https://github.com/pgjdbc/pgjdbc/issues/3511#issuecomment-2637277977
- //v42.7.4: CVE-2025-49146: https://nvd.nist.gov/vuln/detail/CVE-2025-49146
 dependency 'org.postgresql:postgresql:42.7.8'
 dependency 'com.mysql:mysql-connector-j:9.2.0'
 
@@ -273,11 +269,13 @@ dependencyManagement {
 dependency 'org.yakworks:spring-icu4j:0.4.2'
 dependency 'org.apache.commons:commons-lang3:3.18.0'
 dependency 'com.nimbusds:nimbus-jose-jwt:10.0.2'
- // Force Spring Framework version: https://spring.io/security/cve-2025-41249
+ // Force Spring Framework version: CVE-2025-41249
 dependency 'org.springframework:spring-core:6.2.11'
- // Force Spring Framework version: https://spring.io/security/cve-2025-41248
+ // Force Spring Framework version: CVE-2025-41248
 dependency 'org.springframework.security:spring-security-core:6.5.4'
- // Force netty-codec version: https://scout.docker.com/vulnerabilities/id/CVE-2025-58057
+ // Force netty-codec version: CVE-2025-58057
 dependency 'io.netty:netty-codec:4.1.125.Final'
+ // Force netty-codec version: CVE-2025-58056
+ dependency 'io.netty:netty-codec-http:4.1.125.Final'
 }
 }
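Review bot: The comment on the newly added `io.netty:netty-codec-http` pin still reads "Force netty-codec version", so an audit of these overrides will take it for a duplicate of the line above; it should be `// Force netty-codec-http version: CVE-2025-58056`. The same kind of mismatch is visible on the rewritten comment above `spring-security-core`, which says "Spring Framework" while the artifact is Spring Security. Only two Netty modules are forced to 4.1.125.Final here, so if other `io.netty` artifacts are resolved transitively at a different 4.1.x the classpath may end up with mixed module versions; a dependency report for the `io.netty` group would confirm whether the remaining modules need the same override. The `dependencyManagement` block starts outside this hunk, so pins made elsewhere in it are not visible here.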
