fix vulnerabilities and upgrade backend dependency packages

mini-lee-tpi · mini-lee-tpi · commit 6a85c8e4934e · 2025-10-02T09:42:18.000+08:00
diff --git a/build.gradle b/build.gradle
@@ -66,8 +66,13 @@ subprojects {
 		implementation files("${rootDir}/libsext/dgrv4_HttpUtil-v4.5.19.0-4-g052aa0662-lib.jar")
 
 		implementation ('org.springframework.boot:spring-boot-starter-data-jpa'){
+			//CVE-2025-41249
+			exclude group:'org.springframework', module:'spring-core'
 		}
 		
+		// Correct the above exclusions, CVE-2025-41249
+		implementation 'org.springframework:spring-core:6.2.11'
+		
 		implementation ('org.springframework.boot:spring-boot-starter-web'){
 			exclude group:'org.apache.tomcat.embed', module:'tomcat-embed-core'
 		}
@@ -221,7 +226,7 @@ project(':dgrv4_Gateway_serv'){
 		
 		// gRPC Proxy
 		implementation 'net.devh:grpc-server-spring-boot-starter:2.15.0.RELEASE'
-		implementation 'io.grpc:grpc-netty-shaded:1.61.0'
+		implementation 'io.grpc:grpc-netty-shaded:1.75.0'
 		implementation ('io.grpc:grpc-protobuf:1.61.0'){
 			exclude group:'com.google.protobuf', module:'protobuf-java'
 		}
@@ -241,7 +246,7 @@ project(':dgrv4_Gateway_serv'){
 			exclude group:'io.netty', module:'netty-codec'
 		}
 		// Correct the above exclusions, CVE-2025-55163
-		implementation ('io.netty:netty-codec-http2:4.1.124.Final') {
+		implementation ('io.netty:netty-codec-http2:4.1.125.Final') {
 			//CVE-2025-58057
 			exclude group:'io.netty', module:'netty-codec'
 		}

Original file line number	Diff line number	Diff line change
`@@ -66,8 +66,13 @@ subprojects {`
`66`	`66`	`implementation files("${rootDir}/libsext/dgrv4_HttpUtil-v4.5.19.0-4-g052aa0662-lib.jar")`
`67`	`67`
`68`	`68`	`implementation ('org.springframework.boot:spring-boot-starter-data-jpa'){`
	`69`	`+ //CVE-2025-41249`
	`70`	`+ exclude group:'org.springframework', module:'spring-core'`
`69`	`71`	`}`
`70`	`72`
	`73`	`+ // Correct the above exclusions, CVE-2025-41249`
	`74`	`+ implementation 'org.springframework:spring-core:6.2.11'`
	`75`	`+`
`71`	`76`	`implementation ('org.springframework.boot:spring-boot-starter-web'){`
`72`	`77`	`exclude group:'org.apache.tomcat.embed', module:'tomcat-embed-core'`
`73`	`78`	`}`
`@@ -221,7 +226,7 @@ project(':dgrv4_Gateway_serv'){`
`221`	`226`
`222`	`227`	`// gRPC Proxy`
`223`	`228`	`implementation 'net.devh:grpc-server-spring-boot-starter:2.15.0.RELEASE'`
`224`		`- implementation 'io.grpc:grpc-netty-shaded:1.61.0'`
	`229`	`+ implementation 'io.grpc:grpc-netty-shaded:1.75.0'`
`225`	`230`	`implementation ('io.grpc:grpc-protobuf:1.61.0'){`
`226`	`231`	`exclude group:'com.google.protobuf', module:'protobuf-java'`
`227`	`232`	`}`
`@@ -241,7 +246,7 @@ project(':dgrv4_Gateway_serv'){`
`241`	`246`	`exclude group:'io.netty', module:'netty-codec'`
`242`	`247`	`}`
`243`	`248`	`// Correct the above exclusions, CVE-2025-55163`
`244`		`- implementation ('io.netty:netty-codec-http2:4.1.124.Final') {`
	`249`	`+ implementation ('io.netty:netty-codec-http2:4.1.125.Final') {`
`245`	`250`	`//CVE-2025-58057`
`246`	`251`	`exclude group:'io.netty', module:'netty-codec'`
`247`	`252`	`}`