This is an automated email from the ASF dual-hosted git repository.
onichols pushed a commit to branch support/1.12
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/support/1.12 by this push:
new f494989 GEODE-10201: Bump spring from 5.2.15 to 5.2.20
f494989 is described below
commit f494989b82040f4921571216ede00ddb46825944
Author: Owen Nichols <[email protected]>
AuthorDate: Thu Mar 31 12:34:24 2022 -0700
GEODE-10201: Bump spring from 5.2.15 to 5.2.20
see
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
---
.../src/test/resources/expected-pom.xml | 20 ++++++++++----------
.../gradle/plugins/DependencyConstraints.groovy | 2 +-
.../integrationTest/resources/assembly_content.txt | 10 +++++-----
.../resources/dependency_classpath.txt | 4 ++--
4 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml
b/boms/geode-all-bom/src/test/resources/expected-pom.xml
index 5dbbda8..c045ce6 100644
--- a/boms/geode-all-bom/src/test/resources/expected-pom.xml
+++ b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -736,61 +736,61 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-oxm</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
- <version>5.2.15.RELEASE</version>
+ <version>5.2.20.RELEASE</version>
<scope>compile</scope>
</dependency>
<dependency>
diff --git
a/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
b/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index b845f45..6f67364 100644
---
a/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++
b/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -239,7 +239,7 @@ class DependencyConstraints implements Plugin<Project> {
entry('spring-security-web')
}
- dependencySet(group: 'org.springframework', version: '5.2.15.RELEASE') {
+ dependencySet(group: 'org.springframework', version: '5.2.20.RELEASE') {
entry('spring-aspects')
entry('spring-beans')
entry('spring-context')
diff --git a/geode-assembly/src/integrationTest/resources/assembly_content.txt
b/geode-assembly/src/integrationTest/resources/assembly_content.txt
index f5eb955..41a4467 100644
--- a/geode-assembly/src/integrationTest/resources/assembly_content.txt
+++ b/geode-assembly/src/integrationTest/resources/assembly_content.txt
@@ -1060,12 +1060,12 @@ lib/shiro-event-1.8.0.jar
lib/shiro-lang-1.8.0.jar
lib/slf4j-api-1.7.28.jar
lib/snappy-0.4.jar
-lib/spring-beans-5.2.15.RELEASE.jar
-lib/spring-context-5.2.15.RELEASE.jar
-lib/spring-core-5.2.15.RELEASE.jar
-lib/spring-jcl-5.2.15.RELEASE.jar
+lib/spring-beans-5.2.20.RELEASE.jar
+lib/spring-context-5.2.20.RELEASE.jar
+lib/spring-core-5.2.20.RELEASE.jar
+lib/spring-jcl-5.2.20.RELEASE.jar
lib/spring-shell-1.2.0.RELEASE.jar
-lib/spring-web-5.2.15.RELEASE.jar
+lib/spring-web-5.2.20.RELEASE.jar
lib/swagger-annotations-1.5.23.jar
tools/ClientProtocol/geode-protobuf-messages-definitions-0.0.0.zip
tools/Extensions/geode-web-0.0.0.war
diff --git
a/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
b/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
index 6ee5dcb..34826e8 100644
--- a/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
+++ b/geode-assembly/src/integrationTest/resources/dependency_classpath.txt
@@ -65,13 +65,13 @@ shiro-crypto-core-1.8.0.jar
shiro-lang-1.8.0.jar
slf4j-api-1.7.28.jar
swagger-annotations-1.5.23.jar
-spring-core-5.2.15.RELEASE.jar
+spring-core-5.2.20.RELEASE.jar
javax.activation-api-1.2.0.jar
jline-2.12.jar
HdrHistogram-2.1.12.jar
LatencyUtils-2.0.3.jar
javax.transaction-api-1.3.jar
-spring-jcl-5.2.15.RELEASE.jar
+spring-jcl-5.2.20.RELEASE.jar
commons-codec-1.11.jar
jetty-xml-9.4.39.v20210325.jar
jetty-http-9.4.39.v20210325.jar
