Skip to content

Commit 7af75e8

Browse files
Koosha-OwjiKoosha-Owji
authored
Merge pull request #229 from kinde-oss/fix/security-cve-logback-and-deps
fix(security): patch Thymeleaf SSTI, Actuator auth bypass, and logback CVE-2026-1225
2 parents 5efb815 + 9986201 commit 7af75e8

2 files changed

Lines changed: 15 additions & 5 deletions

File tree

  • playground
    • kinde-springboot-starter-example
    • kinde-springboot-thymeleaf-full-example

playground/kinde-springboot-starter-example/pom.xml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232
<dependency>
3333
<groupId>org.springframework.boot</groupId>
3434
<artifactId>spring-boot-starter-actuator</artifactId>
35-
<version>3.5.6</version>
35+
<version>3.5.12</version>
3636
</dependency>
3737
<dependency>
3838
<groupId>org.springframework.boot</groupId>
@@ -47,12 +47,12 @@
4747
<dependency>
4848
<groupId>org.thymeleaf</groupId>
4949
<artifactId>thymeleaf</artifactId>
50-
<version>3.1.3.RELEASE</version>
50+
<version>3.1.4.RELEASE</version>
5151
</dependency>
5252
<dependency>
5353
<groupId>org.thymeleaf</groupId>
5454
<artifactId>thymeleaf-spring6</artifactId>
55-
<version>3.1.3.RELEASE</version>
55+
<version>3.1.4.RELEASE</version>
5656
</dependency>
5757
<dependency>
5858
<groupId>org.springframework.boot</groupId>
@@ -73,7 +73,7 @@
7373
<groupId>ch.qos.logback</groupId>
7474
<artifactId>logback-classic</artifactId>
7575
<scope>runtime</scope>
76-
<version>1.5.19</version>
76+
<version>1.5.32</version>
7777
</dependency>
7878

7979
<dependency>

playground/kinde-springboot-thymeleaf-full-example/pom.xml

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828
<dependency>
2929
<groupId>org.springframework.boot</groupId>
3030
<artifactId>spring-boot-starter-actuator</artifactId>
31-
<version>3.5.5</version>
31+
<version>3.5.12</version>
3232
</dependency>
3333

3434
<dependency>
@@ -61,6 +61,16 @@
6161
<artifactId>spring-boot-starter-thymeleaf</artifactId>
6262
<version>3.5.5</version>
6363
</dependency>
64+
<dependency>
65+
<groupId>org.thymeleaf</groupId>
66+
<artifactId>thymeleaf</artifactId>
67+
<version>3.1.4.RELEASE</version>
68+
</dependency>
69+
<dependency>
70+
<groupId>org.thymeleaf</groupId>
71+
<artifactId>thymeleaf-spring6</artifactId>
72+
<version>3.1.4.RELEASE</version>
73+
</dependency>
6474
<dependency>
6575
<groupId>org.springframework.boot</groupId>
6676
<artifactId>spring-boot-devtools</artifactId>

0 commit comments

Comments
 (0)