From 06b8bae6dd4d8b4e3526d656084401ba748c9dd4 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 16:56:39 +0000 Subject: [PATCH 01/20] [lineaje] Update org.bouncycastle:bcprov-jdk15on:1.68 to 1.78 Fixes CVEs - CVE-2023-33201,CVE-2023-33202,CVE-2024-29857,CVE-2024-30171,CVE-2024-30172 --- pom.xml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/pom.xml b/pom.xml index 7f8c9c7..9a86477 100644 --- a/pom.xml +++ b/pom.xml @@ -1,17 +1,12 @@ - + 4.0.0 - com.example my-app 1.0-SNAPSHOT - 1.8 1.8 - junit @@ -169,8 +164,12 @@ commons-jexl3 3.1 + + org.bouncycastle + bcprov-jdk15on + 1.78 + - @@ -184,4 +183,4 @@ - + \ No newline at end of file From bb53f2d10d152cd3c2c16410b020119591988022 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 16:58:15 +0000 Subject: [PATCH 02/20] [lineaje] Update org.apache.poi:poi-ooxml:5.0.0 to 5.4.0 Fixes CVEs - CVE-2025-31672 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9a86477..7b344b4 100644 --- a/pom.xml +++ b/pom.xml @@ -62,7 +62,7 @@ org.apache.poi poi-ooxml - 5.0.0 + 5.4.0 org.apache.poi From 7044b9e57c0b3c49d0b8da2ff37006035e0ad34b Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 16:59:51 +0000 Subject: [PATCH 03/20] [lineaje] Update org.apache.xmlgraphics:batik-transcoder:1.13 to 1.17 Fixes CVEs - CVE-2022-44729 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 7b344b4..774ae01 100644 --- a/pom.xml +++ b/pom.xml @@ -169,6 +169,11 @@ bcprov-jdk15on 1.78 + + org.apache.xmlgraphics + batik-transcoder + 1.17 + From 85867b307e1dd66eb8ec62923e6fb5ec7905e5c7 Mon Sep 17 00:00:00 2001 
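Review bot: In the second hunk of PATCH 01/20 the added coordinate `org.bouncycastle:bcprov-jdk15on` at `1.78` is unlikely to resolve. As far as I know the `jdk15on` artifacts stopped at 1.70, and later Bouncy Castle releases ship as `bcprov-jdk18on` (or `bcprov-jdk15to18`). Given what looks like a 1.8 compiler level in the first hunk, the line to change would be `<artifactId>bcprov-jdk18on</artifactId>`. If an older `bcprov-jdk15on` still arrives transitively it needs an `<exclusion>`, otherwise both jars sit on the classpath and the listed CVEs are not actually closed.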
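Review bot: In PATCH 02/20 only `poi-ooxml` moves to `5.4.0`, while the trailing context shows another `org.apache.poi` dependency that this hunk leaves untouched. Its artifact and version are not visible here, but if it is `poi` or `poi-scratchpad` still at 5.0.0 the build ends up with mixed POI releases, which the project does not support and which tends to fail at runtime. A shared property such as `<poi.version>5.4.0</poi.version>`, referenced by every POI artifact, would keep them in step.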
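Review bot: PATCH 03/20 is titled as an update of `batik-transcoder` from 1.13 to 1.17, but the hunk is five pure additions, so the old version was presumably transitive and is now being pinned by declaring a new dependency. The element tags are not visible on this page, but the entry follows existing dependencies, so it appears to land in `<dependencies>`. That puts the artifact on the compile classpath as a first-class dependency and hides which library actually needs it. Declaring the version under `<dependencyManagement>` instead pins the transitive copy without widening what the application ships. The same applies to the additions in PATCH 01, 05-10, 13, 14, 16, 17 and 20.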
From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:01:28 +0000 Subject: [PATCH 04/20] [lineaje] Update org.springframework:spring-core:5.3.9 to 5.3.14 Fixes CVEs - CVE-2021-22060,CVE-2021-22096 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 774ae01..43fbca4 100644 --- a/pom.xml +++ b/pom.xml @@ -17,7 +17,7 @@ org.springframework spring-core - 5.3.9 + 5.3.14 com.fasterxml.jackson.core From a2662892636d921c6b3df5d9da17d1b3df88484e Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:03:04 +0000 Subject: [PATCH 05/20] [lineaje] Update org.apache.santuario:xmlsec:2.2.1 to 2.2.3 Fixes CVEs - CVE-2021-40690,CVE-2023-44483 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 43fbca4..3442e03 100644 --- a/pom.xml +++ b/pom.xml @@ -174,6 +174,11 @@ batik-transcoder 1.17 + + org.apache.santuario + xmlsec + 2.3.4 + From a26582a58d85ecdc406431fa13a5bef2ac5435f2 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:04:41 +0000 Subject: [PATCH 06/20] [lineaje] Update xalan:xalan:2.7.2 to 2.7.3 Fixes CVEs - CVE-2022-34169 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 3442e03..c9bafe7 100644 --- a/pom.xml +++ b/pom.xml @@ -179,6 +179,11 @@ xmlsec 2.3.4 + + xalan + xalan + 2.7.3 + From 8ff676e2c5efa5b47078c1e0ede4e68399db7032 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:06:18 +0000 Subject: [PATCH 07/20] [lineaje] Update org.apache.xmlgraphics:batik-svgbrowser:1.13 to 1.14 Fixes CVEs - CVE-2020-11987 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index c9bafe7..c73466d 100644 --- a/pom.xml +++ b/pom.xml @@ -184,6 +184,11 @@ xalan 2.7.3 + + org.apache.xmlgraphics + batik-svgbrowser + 1.14 + From 7a162c9473d29159c35571ea4f0273c28dd05b11 Mon Sep 17 00:00:00 2001 
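Review bot: The version added in PATCH 05/20 does not match its subject: the commit says `xmlsec` goes from 2.2.1 to 2.2.3, but the hunk pins `2.3.4`, a different minor line. PATCH 09/20 has the same mismatch, with a subject of woodstox-core 5.4.0 and a hunk that adds `6.4.0`, a major-version change. Anyone auditing the CVE remediation from the commit log will record the wrong fixed version, and the larger jump carries compatibility risk that the subject hides. Either pin what the subject states (`<version>2.2.3</version>`) or correct the subject and call out the minor/major upgrade.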
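Review bot: PATCH 07/20 pins `batik-svgbrowser` at `1.14` while the other Batik modules in this series (PATCH 03, 13, 14 and 16) are pinned at `1.17`. Batik modules are released together, so a 1.14 browser module alongside 1.17 bridge, script and transcoder modules gives an untested mix. Any Batik module not pinned explicitly may also resolve to the older version, which is within the range the series attributes to CVE-2022-44729. Using `<version>1.17</version>` here, ideally through one shared `batik.version` property, keeps the train consistent.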
From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:07:54 +0000 Subject: [PATCH 08/20] [lineaje] Update org.apache.pdfbox:pdfbox:2.0.22 to 2.0.24 Fixes CVEs - CVE-2021-27807,CVE-2021-27906,CVE-2021-31811,CVE-2021-31812 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index c73466d..dbcda5b 100644 --- a/pom.xml +++ b/pom.xml @@ -189,6 +189,11 @@ batik-svgbrowser 1.14 + + org.apache.pdfbox + pdfbox + 2.0.24 + From e9e57079171c7759848fea1d0b063abc0b9391b0 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:09:30 +0000 Subject: [PATCH 09/20] [lineaje] Update com.fasterxml.woodstox:woodstox-core:5.2.1 to 5.4.0 Fixes CVEs - CVE-2022-40152 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index dbcda5b..e8ac786 100644 --- a/pom.xml +++ b/pom.xml @@ -194,6 +194,11 @@ pdfbox 2.0.24 + + com.fasterxml.woodstox + woodstox-core + 6.4.0 + From a825224cea4eb655a77574d05228307e7ccb8773 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:11:12 +0000 Subject: [PATCH 10/20] [lineaje] Update com.squareup.okio:okio:1.6.0 to 1.17.6 Fixes CVEs - CVE-2023-3635 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index e8ac786..5964880 100644 --- a/pom.xml +++ b/pom.xml @@ -199,6 +199,11 @@ woodstox-core 6.4.0 + + com.squareup.okio + okio + 3.4.0 + From 9a583bc1ad698c532c9ef99db762d741ccf17432 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:12:48 +0000 Subject: [PATCH 11/20] [lineaje] Update com.fasterxml.jackson.core:jackson-databind:2.12.3 to 2.12.7.1 Fixes CVEs - CVE-2020-36518,CVE-2021-46877,CVE-2022-42003,CVE-2022-42004,GHSA-57J2-W4CX-62H2 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5964880..30ba891 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ com.fasterxml.jackson.core jackson-databind - 2.12.3 + 2.13.2.1 org.apache.commons 
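Review bot: PATCH 10/20 adds `okio` at `3.4.0`, although the subject announces an update from 1.6.0 to 1.17.6. That is a jump of two major versions for a library whose consumer is not visible in this pom and was presumably built against the 1.x API. The 3.x line is also Kotlin-based and brings the Kotlin standard library onto the classpath. If the goal is only to close CVE-2023-3635, the version named in the subject is the lower-risk pin: `<version>1.17.6</version>`.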
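Review bot: The version set in PATCH 11/20 probably does not fix every CVE the commit claims. The subject promises `jackson-databind` 2.12.7.1, but the hunk writes `2.13.2.1`. To my knowledge CVE-2022-42003 and CVE-2022-42004 are fixed on the 2.13 line only from 2.13.4.x, so 2.13.2.1 would still be affected by both. Use the version from the subject, `<version>2.12.7.1</version>`, or a later 2.13 patch release, and update the subject to match whichever is chosen.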
From 026b735676561ad71a606af9c9f5625af2cc36e6 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:14:25 +0000 Subject: [PATCH 12/20] [lineaje] Update org.apache.commons:commons-vfs2:2.8.0 to 2.10.0 Fixes CVEs - CVE-2025-27553,CVE-2025-30474 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 30ba891..f3f6750 100644 --- a/pom.xml +++ b/pom.xml @@ -132,7 +132,7 @@ org.apache.commons commons-vfs2 - 2.8.0 + 2.10.0 org.apache.commons From ab8c68de07241ed6434ad85fdd7adc37b52bf382 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:16:01 +0000 Subject: [PATCH 13/20] [lineaje] Update org.apache.xmlgraphics:batik-bridge:1.13 to 1.17 Fixes CVEs - CVE-2022-44729 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index f3f6750..32e3501 100644 --- a/pom.xml +++ b/pom.xml @@ -204,6 +204,11 @@ okio 3.4.0 + + org.apache.xmlgraphics + batik-bridge + 1.17 + From d64a667d9f7b851aa0f77dc3ef939e6cc2f149c7 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:17:38 +0000 Subject: [PATCH 14/20] [lineaje] Update org.apache.xmlgraphics:batik-script:1.13 to 1.17 Fixes CVEs - CVE-2022-44730 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 32e3501..7376360 100644 --- a/pom.xml +++ b/pom.xml @@ -209,6 +209,11 @@ batik-bridge 1.17 + + org.apache.xmlgraphics + batik-script + 1.17 + From a34f75a632b81fde025f0d218f418592e881d95a Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:19:15 +0000 Subject: [PATCH 15/20] [lineaje] Update org.apache.commons:commons-text:1.9 to 1.10.0 Fixes CVEs - CVE-2022-42889 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7376360..c1fca32 100644 --- a/pom.xml +++ b/pom.xml @@ -102,7 +102,7 @@ org.apache.commons commons-text - 1.9 + 1.10.0 org.apache.commons 
From ba79eadd8af4c65e0cf04985709a1c7f6a20cabf Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:20:57 +0000 Subject: [PATCH 16/20] [lineaje] Update org.apache.xmlgraphics:batik-svgrasterizer:1.13 to 1.17 Fixes CVEs - CVE-2022-44729 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index c1fca32..375620a 100644 --- a/pom.xml +++ b/pom.xml @@ -214,6 +214,11 @@ batik-script 1.17 + + org.apache.xmlgraphics + batik-svgrasterizer + 1.17 + From 018ca4cd0369b32315a81db935e9e8abe7c07a12 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:22:33 +0000 Subject: [PATCH 17/20] [lineaje] Update com.fasterxml.jackson.core:jackson-core:2.12.3 to 2.15.0 Fixes CVEs - CVE-2025-49128,GHSA-H46C-H94J-95F3,GHSA-WF8F-6423-GFXG --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 375620a..8499871 100644 --- a/pom.xml +++ b/pom.xml @@ -219,6 +219,11 @@ batik-svgrasterizer 1.17 + + com.fasterxml.jackson.core + jackson-core + 2.15.0 + From 3a7f4b5d791a2ee7764ec3f48e233bd33c9931fe Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:24:09 +0000 Subject: [PATCH 18/20] [lineaje] Update org.apache.logging.log4j:log4j-core:2.14.1 to 2.12.4 Fixes CVEs - CVE-2021-44228,CVE-2021-44832,CVE-2021-45046,CVE-2021-45105 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8499871..3408f71 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,7 @@ org.apache.logging.log4j log4j-core - 2.14.1 + 2.17.1 org.apache.logging.log4j From bece738f166b1f6aa284e76879e6ef4d47138c59 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:25:47 +0000 Subject: [PATCH 19/20] [lineaje] Update org.apache.commons:commons-configuration2:2.7 to 2.10.1 Fixes CVEs - CVE-2022-33980,CVE-2024-29131,CVE-2024-29133 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
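Review bot: PATCH 17/20 pins `jackson-core` at `2.15.0` while PATCH 11/20 sets `jackson-databind` to `2.13.2.1`, so the two Jackson components end up on different minor versions. Jackson expects core, annotations and databind to share a minor version, and a mismatch can surface as `NoSuchMethodError` or subtly different parsing limits at runtime. Importing `com.fasterxml.jackson:jackson-bom` in `<dependencyManagement>` at a single version would align all Jackson artifacts. It would also replace this ad-hoc pin.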
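Review bot: The subject of PATCH 18/20 says `log4j-core` moves from 2.14.1 to 2.12.4, which reads as a downgrade, while the hunk actually sets `2.17.1`. The subject should be corrected so the Log4Shell remediation is recorded accurately. The trailing context also shows a second `org.apache.logging.log4j` dependency that this hunk leaves unchanged. If that is `log4j-api` still at 2.14.1, core and API are mismatched. Both should use the same version, for example via a `<log4j.version>2.17.1</log4j.version>` property.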
diff --git a/pom.xml b/pom.xml index 3408f71..2465cfd 100644 --- a/pom.xml +++ b/pom.xml @@ -127,7 +127,7 @@ org.apache.commons commons-configuration2 - 2.7 + 2.10.1 org.apache.commons From ccb2d3a5d8be950011d33ca2b180fff1dc0b1087 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 4 Sep 2025 17:27:24 +0000 Subject: [PATCH 20/20] [lineaje] Update org.apache.xmlgraphics:xmlgraphics-commons:2.4 to 2.6 Fixes CVEs - CVE-2020-11988 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 2465cfd..321fd15 100644 --- a/pom.xml +++ b/pom.xml @@ -224,6 +224,11 @@ jackson-core 2.15.0 + + org.apache.xmlgraphics + xmlgraphics-commons + 2.6 +