fix: upgrade springframework to version 3.6.1 #1632

Merged
merged 2 commits into from
Dec 18, 2023

sfendrich
Contributor

@sfendrich sfendrich commented Dec 14, 2023

This fixes https://nvd.nist.gov/vuln/detail/CVE-2023-34053

Closes #1630

Pull Request Checklist

  • 1. I have [rebased][rebase] the latest version of the master branch into my feature branch and all conflicts
    have been resolved.
  • 2. I have added information about the change/addition to functionality to the CHANGELOG.md file under the
    [Unreleased] heading.
  • 3. I have documented my code using JDocs tags.
  • 4. I have removed unnecessary commented out code, imports and System.out.println statements.
  • 5. I have written JUnit tests for any new methods/classes and ensured that they pass.
  • 6. I have created API tests for any new functionality exposed to the API.
  • 7. If changes/additions are made to the ors-config.json file, I have added these to the [ors config documentation][config]
    along with a short description of what it is for, and documented this in the Pull Request (below).
  • 8. I have built graphs with my code of the Heidelberg.osm.gz file and run the api-tests with all tests passing.
  • 9. I have referenced the Issue Number in the Pull Request (if the changes were from an issue).
  • 10. For new features or changes involving building of graphs, I have tested on a larger dataset
    (at least Germany), and the graphs build without problems (i.e. no out-of-memory errors).
  • 11. For new features or changes involving the graphbuilding process (i.e. changing encoders, updating the
    importer etc.), I have generated longer distance routes for the affected profiles with different options
    (avoid features, max weight etc.) and compared these with the routes of the same parameters and start/end
    points generated from the current live ORS.
    If there are differences then the reasoning for these MUST be documented in the pull request.
  • 12. I have written in the Pull Request information about the changes made including their intended usage
    and why the change was needed.
  • 13. For changes touching the API documentation, I have tested that the API playground [renders correctly][api].

Fixes #1630.

Information about the changes

  • Key functionality added: upgrade spring framework
  • Reason for change: security vulnerability

Examples and reasons for differences between live ORS routes, and those generated from this pull request

@sfendrich sfendrich changed the title Upgrade springframework to version 3.6.1 fix: upgrade springframework to version 3.6.1 Dec 14, 2023
@github-actions github-actions bot added the fix label Dec 14, 2023
@MichaelsJP MichaelsJP marked this pull request as draft December 15, 2023 11:57
@MichaelsJP MichaelsJP marked this pull request as ready for review December 15, 2023 11:57
@github-actions github-actions bot added fix and removed fix labels Dec 15, 2023
@MichaelsJP MichaelsJP linked an issue Dec 15, 2023 that may be closed by this pull request
@sfendrich
Contributor Author

Closing and re-opening to re-trigger the stuck sonar process.

@sfendrich sfendrich closed this Dec 18, 2023
@sfendrich sfendrich reopened this Dec 18, 2023
@github-actions github-actions bot added fix and removed fix labels Dec 18, 2023
@sfendrich sfendrich merged commit 6b1a0a7 into master Dec 18, 2023
27 checks passed
@sfendrich sfendrich deleted the fix/CVE-2023-34053 branch December 18, 2023 12:46
Status: Awaiting release
2 participants