[Snyk] Fix for 3 vulnerabilities #1498
…ities The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-15989808
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-15989820
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-15990633
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-15989812
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-15990787

…ities The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-17253311

…ities The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-TOOLSJACKSONCORE-17457696
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-17732890
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-17733746

…ities The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-TOOLSJACKSONCORE-17457696
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-17732890
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-17733746

…ities The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-TOOLSJACKSONCORE-17457696
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-17732890
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-17733746
This upgrade includes a major version jump for Spring Boot from 3.5.5 to 4.0.0, which introduces significant breaking changes. The upgrade requires a Java 17 baseline (with Java 21+ recommended), and brings in major version updates for underlying dependencies like Spring Framework 7, Jakarta EE 11, and Jackson 3.

Key Breaking Changes in Spring Boot 4.0.0:
Other Package Upgrades:
Recommendation:
Snyk has created this PR to fix 3 vulnerabilities in the maven dependencies of this project.
Snyk changed the following file(s):
examples/iOS-Hybrid-App-Java-Server/pom.xml

Vulnerabilities that will be fixed with an upgrade:

- SNYK-JAVA-TOOLSJACKSONCORE-17457696
  - 4.0.4->4.0.7
  - Proof of Concept
- SNYK-JAVA-ORGAPACHETOMCATEMBED-17732890
  - 11.0.14->11.0.23
  - org.apache.tomcat.embed:tomcat-embed-websocket: 11.0.12->11.0.23
  - org.springframework.boot:spring-boot-starter-tomcat: 3.5.5->4.0.0
  - Major version upgrade
  - No Known Exploit
- SNYK-JAVA-ORGAPACHETOMCATEMBED-17733746
  - 11.0.14->11.0.23
  - org.apache.tomcat.embed:tomcat-embed-websocket: 11.0.12->11.0.23
  - org.springframework.boot:spring-boot-starter-tomcat: 3.5.5->4.0.0
  - Major version upgrade
  - No Known Exploit

Breaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Improper Authentication
🦉 Improperly Controlled Modification of Dynamically-Determined Object Attributes