From dbfbf326614bb86f92b26d45492339d33dceb90f Mon Sep 17 00:00:00 2001
From: Dinesh Patel
Date: Thu, 11 Jan 2024 16:01:08 +0000
Subject: [PATCH 1/2] bumped spring-security.version to v5.7.10
---
 build.gradle | 2 +-
 config/owasp/suppressions.xml | 62 +++++++++++++++++------------------
 2 files changed, 31 insertions(+), 33 deletions(-)
diff --git a/build.gradle b/build.gradle
index 9ff79acbc..f95deb268 100644
--- a/build.gradle
+++ b/build.gradle
@@ -43,7 +43,7 @@ pmd {
 }
 
 ext['spring-framework.version'] = '5.3.26'
-ext['spring-security.version'] = '5.7.8'
+ext['spring-security.version'] = '5.7.10'
 ext['log4j2.version'] = '2.17.1'
 ext['jackson.version'] = '2.15.3'
 ext['snakeyaml.version'] = '2.0'
diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
index 647d19415..095275e7f 100644
--- a/config/owasp/suppressions.xml
+++ b/config/owasp/suppressions.xml
@@ -1,40 +1,38 @@ -Temporary Suppression - CVE-2022-45688 refer https://tools.hmcts.net/jira/browse/CCD-4373 - CVE-2023-20883 refer [Ticket] - CVE-2023-34036 refer [Ticket] - CVE-2023-34034 refer [Ticket] - CVE-2023-20873 refer [Ticket] - CVE-2023-41080 refer [Ticket] - CVE-2023-42794 refer [Ticket] - CVE-2023-42795 refer [Ticket] - CVE-2023-45648 refer [Ticket] - CVE-2023-44487 refer [Ticket] - CVE-2023-5072 refer [Ticket] - CVE-2023-20863 refer [Ticket] - + Temporary Suppression + CVE-2022-45688 refer https://tools.hmcts.net/jira/browse/CCD-4373 + CVE-2023-20883 refer [Ticket] + CVE-2023-34036 refer [Ticket] + CVE-2023-20873 refer [Ticket] + CVE-2023-41080 refer [Ticket] + CVE-2023-42794 refer [Ticket] + CVE-2023-42795 refer [Ticket] + CVE-2023-45648 refer [Ticket] + CVE-2023-44487 refer [Ticket] + CVE-2023-5072 refer [Ticket] + CVE-2023-20863 refer [Ticket] CVE-2023-33202 refer [Ticket] CVE-2023-34055 refer [Ticket] CVE-2023-46589 refer [Ticket] CVE-2023-6378 refer [Ticket] - CVE-2023-35116 refer [Ticket] -CVE-2022-45688 -CVE-2023-20883 -CVE-2023-34036 -CVE-2023-34034 -CVE-2023-20873 -CVE-2023-41080 -CVE-2023-42794 -CVE-2023-42795 -CVE-2023-45648 -CVE-2023-44487 -CVE-2023-5072 -CVE-2023-20863 -CVE-2023-33202 -CVE-2023-34055 -CVE-2023-46589 -CVE-2023-6378 -CVE-2023-35116 + CVE-2023-35116 refer [Ticket] + + CVE-2022-45688 + CVE-2023-20883 + CVE-2023-34036 + CVE-2023-20873 + CVE-2023-41080 + CVE-2023-42794 + CVE-2023-42795 + CVE-2023-45648 + CVE-2023-44487 + CVE-2023-5072 + CVE-2023-20863 + CVE-2023-33202 + CVE-2023-34055 + CVE-2023-46589 + CVE-2023-6378 + CVE-2023-35116 From 891c2740eb1e6f5e5453e111e3801a471976b417 Mon Sep 17 00:00:00 2001 From: dinesh1patel <74076102+dinesh1patel@users.noreply.github.com> Date: Wed, 14 Feb 2024 17:49:44 +0000 Subject: [PATCH 2/2] Update suppressions.xml --- config/owasp/suppressions.xml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml index 4a730b6d8..b41987dd3 100644 --- a/config/owasp/suppressions.xml +++ b/config/owasp/suppressions.xml @@ -15,7 +15,8 @@ CVE-2023-34055 refer [Ticket] CVE-2023-46589 refer [Ticket] CVE-2023-6378 refer [Ticket] - CVE-2023-35116 refer [Ticket] + CVE-2023-35116 refer [Ticket] + CVE-2023-34042 refer [Ticket] CVE-2022-45688 CVE-2023-34036 CVE-2023-20873 @@ -31,5 +32,6 @@ CVE-2023-46589 CVE-2023-6378 CVE-2023-35116 +CVE-2023-34042 - \ No newline at end of file +
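Review bot: The new `CVE-2023-34042 refer [Ticket]` note in the first hunk records no ticket, owner or reason, so the suppression cannot be traced or revisited; only the first entry in the list (`CVE-2022-45688 refer https://tools.hmcts.net/jira/browse/CCD-4373`) shows a real reference, and the new line should follow that form, e.g. `CVE-2023-34042 refer <JIRA-URL-PLACEHOLDER>`. The block is labelled "Temporary Suppression", but the element markup is not visible in this rendering, so I cannot tell whether the rule has an expiry or is scoped to one artifact. If it has neither, consider an `until="YYYY-MM-DDZ"` attribute on the `<suppress>` element so the finding resurfaces instead of staying hidden indefinitely. The matching `CVE-2023-34042` line added in the second hunk falls under the same rule. If dependency-check reports this CVE against the spring-security 5.7.10 pinned in patch 1/2, check whether a later 5.7.x patch release clears it, since a version bump would be preferable to widening the suppression list.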