This is an automated email from the ASF dual-hosted git repository.
onichols pushed a commit to branch support/1.13
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/support/1.13 by this push:
new ccd57d5 GEODE-10201: Bump spring from 5.2.15 to 5.2.20 (#7535)
ccd57d5 is described below
commit ccd57d5bc3c2d725e377434f3db48ed31048665b
Author: Owen Nichols <[email protected]>
AuthorDate: Thu Mar 31 12:32:48 2022 -0700
GEODE-10201: Bump spring from 5.2.15 to 5.2.20 (#7535)
see
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
---
.../src/test/resources/expected-pom.xml | 20 ++++++++++----------
.../gradle/plugins/DependencyConstraints.groovy | 2 +-
.../integrationTest/resources/assembly_content.txt | 10 +++++-----
.../resources/dependency_classpath.txt | 4 ++--
4 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml
b/boms/geode-all-bom/src/test/resources/expected-pom.xml
index db3b310..9289f97 100644
--- a/boms/geode-all-bom/src/test/resources/expected-pom.xml
+++ b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -796,61 +796,61 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-oxm</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
diff --git
a/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
b/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index 8fd651e..96899f9 100644
---
a/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++
b/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -249,7 +249,7 @@ class DependencyConstraints implements Plugin<Project> {
entry('spring-security-oauth2-jose')
}
- dependencySet(group: 'org.springframework', version: '5.2.15.RELEASE') {
+ dependencySet(group: 'org.springframework', version: '5.2.20.RELEASE') {
entry('spring-aspects')
entry('spring-beans')
entry('spring-context')
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt
b/geode-assembly/src/integrationTest/resources/assembly_content.txt
index 1c1def9..c4df3cf 100644
--- a/geode-assembly/src/integrationTest/resources/assembly_content.txt
+++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -1074,12 +1074,12 @@ lib/shiro-event-1.8.0.jar
lib/shiro-lang-1.8.0.jar
lib/slf4j-api-1.7.30.jar
lib/snappy-0.4.jar
-lib/spring-beans-5.2.15.RELEASE.jar
-lib/spring-context-5.2.15.RELEASE.jar
-lib/spring-core-5.2.15.RELEASE.jar
-lib/spring-jcl-5.2.15.RELEASE.jar
+lib/spring-beans-5.2.20.RELEASE.jar
+lib/spring-context-5.2.20.RELEASE.jar
+lib/spring-core-5.2.20.RELEASE.jar
+lib/spring-jcl-5.2.20.RELEASE.jar
lib/spring-shell-1.2.0.RELEASE.jar
-lib/spring-web-5.2.15.RELEASE.jar
+lib/spring-web-5.2.20.RELEASE.jar
lib/swagger-annotations-1.5.23.jar
tools/ClientProtocol/geode-protobuf-messages-definitions-0.0.0.zip
tools/Extensions/geode-web-0.0.0.war
diff --git
a/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
b/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
index e9413c7..61a0169 100644
--- a/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
+++ b/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
@@ -66,13 +66,13 @@ shiro-event-1.8.0.jar
shiro-crypto-core-1.8.0.jar
shiro-lang-1.8.0.jar
slf4j-api-1.7.30.jar
-spring-core-5.2.15.RELEASE.jar
+spring-core-5.2.20.RELEASE.jar
javax.activation-api-1.2.0.jar
jline-2.12.jar
HdrHistogram-2.1.12.jar
LatencyUtils-2.0.3.jar
javax.transaction-api-1.3.jar
-spring-jcl-5.2.15.RELEASE.jar
+spring-jcl-5.2.20.RELEASE.jar
jetty-http-9.4.39.v20210325.jar
jetty-io-9.4.39.v20210325.jar
jetty-xml-9.4.39.v20210325.jar
