Upgrade to Groovy 2.4.4

Typically, a Spring Boot maintenance release would not move to a new
minor version of a dependency. However, there is a security
vulnerability in Groovy [1] and 2.4.4 is the only release which
contains a fix for it.

The commit upgrades to 2.4.4, thereby ensuring that users of Groovy
are not vulnerable by default. Users of Groovy whose applications are
not affected by the vulnerability may choose to downgrade back to
2.3.11 by overriding Spring Boot's dependency management.

Closes gh-3540

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
Andy Wilkinson 2015-07-22 10:33:15 +01:00
parent d2d71934b6
commit 9b6538d5bd

@ -66,7 +66,7 @@
<gemfire.version>7.0.2</gemfire.version>
<glassfish-el.version>3.0.0</glassfish-el.version>
<gradle.version>1.6</gradle.version>
<groovy.version>2.3.11</groovy.version>
<groovy.version>2.4.4</groovy.version>
<gson.version>2.3.1</gson.version>
<h2.version>1.4.187</h2.version>
<hamcrest.version>1.3</hamcrest.version>
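
Review bot: the changed `groovy.version` property (2.3.11 to 2.4.4) has nothing beside it recording that this minor-version jump is deliberate and driven by CVE-2015-3253, so a later dependency cleanup on this maintenance line could pin it back to 2.3.x without anyone noticing the regression. Consider an XML comment next to the property pointing at gh-3540, and a release-notes entry covering the downgrade-by-override path the commit message describes, since users expecting a patch-level-only upgrade will see a 2.3 to 2.4 change in their Groovy dependency.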