mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Upgrade to Groovy 2.4.4
Typically, a Spring Boot maintenance release would not move to a new minor version of a dependency. However there is a security vulnerability in Groovy [1] and 2.4.4 is the only release which contains a fix for it. The commit upgrades to 2.4.4, thereby ensuring that users of Groovy are not vulnerable by default. Users of Groovy whose applications are not affected by the vulnerability may choose to downgrade back to 2.3.11 by overriding Spring Boot's dependency management. Closes gh-3540 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
This commit is contained in:
parent
d2d71934b6
commit
9b6538d5bd
@ -66,7 +66,7 @@
|
||||
<gemfire.version>7.0.2</gemfire.version>
|
||||
<glassfish-el.version>3.0.0</glassfish-el.version>
|
||||
<gradle.version>1.6</gradle.version>
|
||||
<groovy.version>2.3.11</groovy.version>
|
||||
<groovy.version>2.4.4</groovy.version>
|
||||
<gson.version>2.3.1</gson.version>
|
||||
<h2.version>1.4.187</h2.version>
|
||||
<hamcrest.version>1.3</hamcrest.version>
|
||||
|
Loading…
Reference in New Issue
Block a user