From 9b6538d5bd6dac477d8592cdc4d2a7cae1a224a6 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Wed, 22 Jul 2015 10:33:15 +0100 Subject: [PATCH] Upgrade to Groovy 2.4.4 Typically, a Spring Boot maintenance release would not move to a new minor version of a dependency. However there is a security vulnerability in Groovy [1] and 2.4.4 is the only release which contains a fix for it. The commit upgrades to 2.4.4, thereby ensuring that users of Groovy are not vulnerable by default. Users of Groovy whose applications are not affected by the vulnerability may choose to downgrade back to 2.3.11 by overriding Spring Boot's dependency management. Closes gh-3540 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253 --- spring-boot-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-boot-dependencies/pom.xml b/spring-boot-dependencies/pom.xml index 17fcb4acf94..bdb07e0cb19 100644 --- a/spring-boot-dependencies/pom.xml +++ b/spring-boot-dependencies/pom.xml @@ -66,7 +66,7 @@ 7.0.2 3.0.0 1.6 - 2.3.11 + 2.4.4 2.3.1 1.4.187 1.3
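Review bot: the single changed line in spring-boot-dependencies/pom.xml (2.3.11 to 2.4.4) crosses a minor version on a maintenance line, and the reason for it, CVE-2015-3253, is recorded only in the commit message. A short XML comment beside the version, or a release-note entry, would keep a later cleanup from reverting the bump. It would also tell users who override the managed version back to 2.3.11 that they are returning to the release without the fix. The diff touches only the managed version, so nothing in it shows whether the Groovy-dependent modules were built and tested against 2.4.x; please confirm that before merging.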