- remedy for CVE-2024-22233 (#1706)

- ben-manes.versions 0.51.0
hmcts · Oct 25, 2024 · ac3116a · ac3116a
1 parent 0df10d6
commit ac3116a
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/build.gradle b/build.gradle
@@ -14,7 +14,7 @@ plugins {
     id 'uk.gov.hmcts.java' version '0.12.63'
     id 'jacoco'
     id 'pmd'
-    id 'com.github.ben-manes.versions' version '0.36.0'
+    id 'com.github.ben-manes.versions' version '0.51.0'
     id "info.solidsoft.pitest" version '1.15.0'
     id 'io.spring.dependency-management' version '1.1.6'
     id 'org.sonarqube' version '5.0.0.4638'
@@ -619,6 +619,14 @@ configurations.all {
             details.useVersion "32.1.1-jre"
         }
     }
+
+    resolutionStrategy.eachDependency { details ->
+        // Remedy for CVE-2024-22233 - remove once spring-boot transitively uses version >= 6.1.14
+        if (details.requested.group == 'org.springframework'
+                && (details.requested.version == '6.1.12' || details.requested.version == '6.1.13')) {
+            details.useVersion "6.1.14"
+        }
+    }
 }
 
 // this is required to force Java running on the Azure Windows Server OS into using