Skip to content

Commit 13f50e5

Browse files
Merge pull request #555 from hmcts/DTSRD-327
Addressed CVE-2021-22044
2 parents 31b3b9d + b45bd11 commit 13f50e5

2 files changed

Lines changed: 5 additions & 6 deletions

File tree

build.gradle

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -521,6 +521,11 @@ dependencyManagement {
521521
entry 'tomcat-embed-el'
522522
entry 'tomcat-embed-websocket'
523523
}
524+
//CVE-2021-22044
525+
dependencySet(group: 'org.springframework.cloud', version: '3.1.5') {
526+
entry 'spring-cloud-starter-openfeign'
527+
entry 'spring-cloud-openfeign-core'
528+
}
524529
// CVE-2021-22060, CVE-2022-22965, CVE-2022-22950, CVE-2022-22971, CVE-2022-22968, CVE-2022-22970, CVE-2022-31690, CVE-2022-31692
525530
dependency(group: 'org.springframework', name: 'spring-corespring-core', version: '5.3.26') //remove this line after spring boot upgrade to 2.7.7 and spring frame work to 6.0
526531
}

config/owasp/suppressions.xml

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -30,12 +30,6 @@
3030
<packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
3131
<cve>CVE-2021-4235</cve>
3232
</suppress>
33-
<suppress>
34-
<notes>CVE-2022-22978 suppression (false positive), because spring security already at (5.7.5) this is higher than the vulnerable versions
35-
(5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4)
36-
https://tanzu.vmware.com/security/cve-2022-22978</notes>
37-
<cve>CVE-2021-22044</cve>
38-
</suppress>
3933
<suppress>
4034
<cve>CVE-2022-45688</cve>
4135
<cve>CVE-2023-24998</cve>

0 commit comments

Comments
 (0)