From b45a55139fdce52a3e48b786ebf994a49d700f64 Mon Sep 17 00:00:00 2001
From: dtoxvanilla1991 <dtoxvanilla@gmail.com>
Date: Sun, 19 Apr 2026 01:03:32 +0100
Subject: [PATCH 1/2] fix(security): patch CVEs in playground modules -
 thymeleaf SSTI, actuator auth bypass, logback CVE-2026-1225
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- thymeleaf + thymeleaf-spring6: 3.1.3.RELEASE → 3.1.4.RELEASE (SSTI fix, all 3 thymeleaf playground modules)
- spring-boot-starter-actuator: 3.5.6/3.5.5 → 3.5.12 (auth bypass fix)
- logback-classic: 1.5.19 → 1.5.32 (CVE-2026-1225 ACE fix, resolves #228)

Closes #228
---
 .../kinde-springboot-pkce-client-example/pom.xml     | 10 ++++++++++
 playground/kinde-springboot-starter-example/pom.xml  |  8 ++++----
 .../kinde-springboot-thymeleaf-full-example/pom.xml  | 12 +++++++++++-
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/playground/kinde-springboot-pkce-client-example/pom.xml b/playground/kinde-springboot-pkce-client-example/pom.xml
index 8737b475..72605464 100644
--- a/playground/kinde-springboot-pkce-client-example/pom.xml
+++ b/playground/kinde-springboot-pkce-client-example/pom.xml
@@ -27,6 +27,16 @@
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
             <version>3.5.5</version>
         </dependency>
+        <dependency>
+            <groupId>org.thymeleaf</groupId>
+            <artifactId>thymeleaf</artifactId>
+            <version>3.1.4.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.thymeleaf</groupId>
+            <artifactId>thymeleaf-spring6</artifactId>
+            <version>3.1.4.RELEASE</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
diff --git a/playground/kinde-springboot-starter-example/pom.xml b/playground/kinde-springboot-starter-example/pom.xml
index 70d9a2d0..c4ae8222 100644
--- a/playground/kinde-springboot-starter-example/pom.xml
+++ b/playground/kinde-springboot-starter-example/pom.xml
@@ -32,7 +32,7 @@
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-actuator</artifactId>
-      <version>3.5.6</version>
+      <version>3.5.12</version>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
@@ -47,12 +47,12 @@
     <dependency>
       <groupId>org.thymeleaf</groupId>
       <artifactId>thymeleaf</artifactId>
-      <version>3.1.3.RELEASE</version>
+      <version>3.1.4.RELEASE</version>
     </dependency>
     <dependency>
       <groupId>org.thymeleaf</groupId>
       <artifactId>thymeleaf-spring6</artifactId>
-      <version>3.1.3.RELEASE</version>
+      <version>3.1.4.RELEASE</version>
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
@@ -73,7 +73,7 @@
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-classic</artifactId>
       <scope>runtime</scope>
-      <version>1.5.19</version>
+      <version>1.5.32</version>
     </dependency>
 
     <dependency>
diff --git a/playground/kinde-springboot-thymeleaf-full-example/pom.xml b/playground/kinde-springboot-thymeleaf-full-example/pom.xml
index 8c51b73b..1eb932c0 100644
--- a/playground/kinde-springboot-thymeleaf-full-example/pom.xml
+++ b/playground/kinde-springboot-thymeleaf-full-example/pom.xml
@@ -28,7 +28,7 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
-            <version>3.5.5</version>
+            <version>3.5.12</version>
         </dependency>
 
         <dependency>
@@ -61,6 +61,16 @@
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
             <version>3.5.5</version>
         </dependency>
+        <dependency>
+            <groupId>org.thymeleaf</groupId>
+            <artifactId>thymeleaf</artifactId>
+            <version>3.1.4.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.thymeleaf</groupId>
+            <artifactId>thymeleaf-spring6</artifactId>
+            <version>3.1.4.RELEASE</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-devtools</artifactId>

From 99862011a34e02a800ee298489f928aaaa145d1b Mon Sep 17 00:00:00 2001
From: dtoxvanilla1991 <dtoxvanilla@gmail.com>
Date: Mon, 27 Apr 2026 23:36:22 +0100
Subject: [PATCH 2/2] fix(dependencies): remove outdated Thymeleaf dependencies
 to enhance security

---
 .../kinde-springboot-pkce-client-example/pom.xml       | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/playground/kinde-springboot-pkce-client-example/pom.xml b/playground/kinde-springboot-pkce-client-example/pom.xml
index 72605464..8737b475 100644
--- a/playground/kinde-springboot-pkce-client-example/pom.xml
+++ b/playground/kinde-springboot-pkce-client-example/pom.xml
@@ -27,16 +27,6 @@
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
             <version>3.5.5</version>
         </dependency>
-        <dependency>
-            <groupId>org.thymeleaf</groupId>
-            <artifactId>thymeleaf</artifactId>
-            <version>3.1.4.RELEASE</version>
-        </dependency>
-        <dependency>
-            <groupId>org.thymeleaf</groupId>
-            <artifactId>thymeleaf-spring6</artifactId>
-            <version>3.1.4.RELEASE</version>
-        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>