From fe00bd846c614d4c93579f6f7d3dfa2c64ed95e9 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:18:20 +0000
Subject: [PATCH 01/22] [lineaje] Update org.bouncycastle:bcprov-jdk15on:1.68 to 1.78 Fixes CVEs - CVE-2023-33201,CVE-2023-33202,CVE-2024-29857,CVE-2024-30171,CVE-2024-30172
---
 pom.xml | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/pom.xml b/pom.xml
index 7f8c9c7..9a86477 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,17 +1,12 @@ - + 4.0.0 - com.example my-app 1.0-SNAPSHOT - 1.8 1.8 - junit
@@ -169,8 +164,12 @@
 commons-jexl3 3.1
+
+ org.bouncycastle
+ bcprov-jdk15on
+ 1.78
+
-
@@ -184,4 +183,4 @@ - + \ No newline at end of file
From 1eaf3b349642c75ea62bd015a233d19dabbb5393 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:19:55 +0000
Subject: [PATCH 02/22] [lineaje] Update org.apache.poi:poi-ooxml:5.0.0 to 5.4.0 Fixes CVEs - CVE-2025-31672
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 9a86477..7b344b4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -62,7 +62,7 @@
 org.apache.poi poi-ooxml
- 5.0.0
+ 5.4.0
 org.apache.poi
From c1420c410fa210544b30da1b2ad5dd2ac899ed70 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:21:31 +0000
Subject: [PATCH 03/22] [lineaje] Update org.apache.xmlgraphics:batik-transcoder:1.13 to 1.17 Fixes CVEs - CVE-2022-44729
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index 7b344b4..774ae01 100644
--- a/pom.xml
+++ b/pom.xml
@@ -169,6 +169,11 @@
 bcprov-jdk15on 1.78
+
+ org.apache.xmlgraphics
+ batik-transcoder
+ 1.17
+
From 848e211f48ff220371d8fac6910665be22d98d0d Mon Sep 17 00:00:00 2001
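Review bot: The `bcprov-jdk15on` entry added at `1.78` in the second hunk of patch 01 (after commons-jexl3) is unlikely to resolve: as far as I know the `bcprov-jdk15on` coordinates stopped at 1.70, and later Bouncy Castle releases, including 1.78, are published as `bcprov-jdk18on`. If so, the build fails on dependency resolution and the CVEs named in the subject stay open on whatever version was working before. I would change the artifactId line to `<artifactId>bcprov-jdk18on</artifactId>`. Because the entry is new rather than a bump, it is also worth confirming with `mvn dependency:tree` that the transitive 1.68 `jdk15on` jar is excluded, so two provider jars do not end up on the classpath. The first and third hunks touch the project header and the end-of-file newline, which is unrelated to the fix.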
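Review bot: The new `batik-transcoder` `1.17` entry in patch 03 has no comment saying why it is pinned, and the subject's "1.13 to 1.17" suggests the 1.13 copy arrives transitively. Whether the entry sits under `<dependencies>` or `<dependencyManagement>` is not visible in this hunk; for a version override the latter is the usual place, because it does not turn a transitive library into a declared direct one. I would add `<!-- pinned for CVE-2022-44729; transitive via PARENT_ARTIFACT (placeholder); drop when the parent upgrades -->` above the entry. The same applies to the entries added in patches 05 to 11, 14, 15, 17, 18 and 21.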
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:23:06 +0000
Subject: [PATCH 04/22] [lineaje] Update org.springframework:spring-core:5.3.9 to 5.3.14 Fixes CVEs - CVE-2021-22060,CVE-2021-22096
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 774ae01..43fbca4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -17,7 +17,7 @@
 org.springframework spring-core
- 5.3.9
+ 5.3.14
 com.fasterxml.jackson.core
From 840ea9a528945737651a7e70e3d53d7cf75b47c1 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:24:42 +0000
Subject: [PATCH 05/22] [lineaje] Update org.apache.santuario:xmlsec:2.2.1 to 2.2.3 Fixes CVEs - CVE-2021-40690,CVE-2023-44483
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index 43fbca4..3442e03 100644
--- a/pom.xml
+++ b/pom.xml
@@ -174,6 +174,11 @@
 batik-transcoder 1.17
+
+ org.apache.santuario
+ xmlsec
+ 2.3.4
+
From 988c325faf74996400b6000bcad6dafe632a298e Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:26:17 +0000
Subject: [PATCH 06/22] [lineaje] Update xalan:xalan:2.7.2 to 2.7.3 Fixes CVEs - CVE-2022-34169
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index 3442e03..c9bafe7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -179,6 +179,11 @@
 xmlsec 2.3.4
+
+ xalan
+ xalan
+ 2.7.3
+
From 52ac8315b547f61ed5febb165b46ef27a51e1982 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:27:53 +0000
Subject: [PATCH 07/22] [lineaje] Update org.apache.xmlgraphics:batik-svgbrowser:1.13 to 1.14 Fixes CVEs - CVE-2020-11987
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index c9bafe7..c73466d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -184,6 +184,11 @@
 xalan 2.7.3
+
+ org.apache.xmlgraphics
+ batik-svgbrowser
+ 1.14
+
From c6d73712d1d4a02f730c59704728e05390d7f785 Mon Sep 17 00:00:00 2001
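Review bot: The version written in patch 05's hunk, `2.3.4`, is not the one its subject announces ("xmlsec:2.2.1 to 2.2.3"), so the commit record does not describe what ships. The same mismatch appears in patch 10 (subject 5.4.0, hunk `6.4.0`), patch 11 (subject 1.17.6, hunk `3.4.0`), patch 12 (subject 2.12.7.1, hunk `2.13.2.1`) and patch 19 (subject "2.14.1 to 2.12.4", hunk `2.17.1`). Patches 10 and 11 cross a major version for a library that appears to be pulled in only transitively, so the consumer compiled against the old line should be checked for API breaks. Either set the version to the one in the subject, here `<version>2.2.3</version>`, or correct the subject so the audit trail matches the pom.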
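Review bot: Patch 07 pins `batik-svgbrowser` to `1.14` while the other Batik modules in this series are pinned to `1.17` (batik-transcoder in patch 03; batik-bridge, batik-script and batik-svgrasterizer in patches 14, 15 and 17). Batik modules are released together and depend on each other, so mixing 1.14 and 1.17 on one classpath risks linkage errors. Version 1.14 also presumably predates the fixes those patches cite (CVE-2022-44729, CVE-2022-44730). I would use `<version>1.17</version>` here, ideally through one shared `batik.version` property.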
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:29:28 +0000
Subject: [PATCH 08/22] [lineaje] Update org.apache.pdfbox:pdfbox:2.0.22 to 2.0.24 Fixes CVEs - CVE-2021-27807,CVE-2021-27906,CVE-2021-31811,CVE-2021-31812
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index c73466d..dbcda5b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -189,6 +189,11 @@
 batik-svgbrowser 1.14
+
+ org.apache.pdfbox
+ pdfbox
+ 2.0.24
+
From cff8a428596b6309c207b0c605f898361c75b6d2 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:31:04 +0000
Subject: [PATCH 09/22] [lineaje] Update commons-io:commons-io:1.3.1 to 2.7 Fixes CVEs - CVE-2021-29425
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index dbcda5b..2a33fd9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -194,6 +194,11 @@
 pdfbox 2.0.24
+
+ commons-io
+ commons-io
+ 2.7
+
From 658ec1be5ce01b4b320310218aa9db91d6f13fd7 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:32:40 +0000
Subject: [PATCH 10/22] [lineaje] Update com.fasterxml.woodstox:woodstox-core:5.2.1 to 5.4.0 Fixes CVEs - CVE-2022-40152
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index 2a33fd9..3c94b54 100644
--- a/pom.xml
+++ b/pom.xml
@@ -199,6 +199,11 @@
 commons-io 2.7
+
+ com.fasterxml.woodstox
+ woodstox-core
+ 6.4.0
+
From 8b4b5e3651bb829c9af342f29d1397b21c3fd3a1 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:34:16 +0000
Subject: [PATCH 11/22] [lineaje] Update com.squareup.okio:okio:1.6.0 to 1.17.6 Fixes CVEs - CVE-2023-3635
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index 3c94b54..ea3f4de 100644
--- a/pom.xml
+++ b/pom.xml
@@ -204,6 +204,11 @@
 woodstox-core 6.4.0
+
+ com.squareup.okio
+ okio
+ 3.4.0
+
From e4109605692fc0401c5969d1cf0001d3e4183a5e Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:35:51 +0000
Subject: [PATCH 12/22] [lineaje] Update com.fasterxml.jackson.core:jackson-databind:2.12.3 to 2.12.7.1 Fixes CVEs - CVE-2020-36518,CVE-2021-46877,CVE-2022-42003,CVE-2022-42004,GHSA-57J2-W4CX-62H2
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index ea3f4de..bdc356c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
 com.fasterxml.jackson.core jackson-databind
- 2.12.3
+ 2.13.2.1
 org.apache.commons
From 5df0490fa9fe9ce052a603902c1949b0243cf570 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:37:27 +0000
Subject: [PATCH 13/22] [lineaje] Update org.apache.commons:commons-vfs2:2.8.0 to 2.10.0 Fixes CVEs - CVE-2025-27553,CVE-2025-30474
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index bdc356c..2ac6a92 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,7 @@
 org.apache.commons commons-vfs2
- 2.8.0
+ 2.10.0
 org.apache.commons
From 6b323243c836f3ceb60ea6c9007cde10345d3ef6 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:39:03 +0000
Subject: [PATCH 14/22] [lineaje] Update org.apache.xmlgraphics:batik-bridge:1.13 to 1.17 Fixes CVEs - CVE-2022-44729
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index 2ac6a92..a502ca5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -209,6 +209,11 @@
 okio 3.4.0
+
+ org.apache.xmlgraphics
+ batik-bridge
+ 1.17
+
From 19dc39d332174c0904f5bee53b8ef79bc86abc70 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:40:38 +0000
Subject: [PATCH 15/22] [lineaje] Update org.apache.xmlgraphics:batik-script:1.13 to 1.17 Fixes CVEs - CVE-2022-44730
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index a502ca5..b15562a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -214,6 +214,11 @@
 batik-bridge 1.17
+
+ org.apache.xmlgraphics
+ batik-script
+ 1.17
+
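Review bot: `2.13.2.1` in patch 12 does not look sufficient for every advisory the subject lists: to my knowledge CVE-2022-42003 and CVE-2022-42004 were fixed on the 2.13 line only in later 2.13.4.x releases, while 2.13.2.1 addresses CVE-2020-36518. The subject names 2.12.7.1, which does carry those fixes, so the hunk and the message disagree in a way that would leave two advisories open. I would set `<version>2.13.4.2</version>` (or the announced `2.12.7.1`) and re-run the scanner against the resolved dependency tree before merging.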
From 4d2de1677b7c94844c92e054dea35b45c309c8e3 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:42:15 +0000
Subject: [PATCH 16/22] [lineaje] Update org.apache.commons:commons-text:1.9 to 1.10.0 Fixes CVEs - CVE-2022-42889
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index b15562a..0c12f24 100644
--- a/pom.xml
+++ b/pom.xml
@@ -102,7 +102,7 @@
 org.apache.commons commons-text
- 1.9
+ 1.10.0
 org.apache.commons
From af1cbcfbffef381f4d64b6222f13dd9377ca1de0 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:43:51 +0000
Subject: [PATCH 17/22] [lineaje] Update org.apache.xmlgraphics:batik-svgrasterizer:1.13 to 1.17 Fixes CVEs - CVE-2022-44729
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index 0c12f24..d832b8c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -219,6 +219,11 @@
 batik-script 1.17
+
+ org.apache.xmlgraphics
+ batik-svgrasterizer
+ 1.17
+
From 8ca382204c85fd87c60a29655b9bd1a227b65ff4 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:45:27 +0000
Subject: [PATCH 18/22] [lineaje] Update com.fasterxml.jackson.core:jackson-core:2.12.3 to 2.15.0 Fixes CVEs - CVE-2025-49128,GHSA-H46C-H94J-95F3,GHSA-WF8F-6423-GFXG
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index d832b8c..9e55c23 100644
--- a/pom.xml
+++ b/pom.xml
@@ -224,6 +224,11 @@
 batik-svgrasterizer 1.17
+
+ com.fasterxml.jackson.core
+ jackson-core
+ 2.15.0
+
From 532db46f8044c0e5f8c63b8ad9358cbd26fb4b2f Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:47:02 +0000
Subject: [PATCH 19/22] [lineaje] Update org.apache.logging.log4j:log4j-core:2.14.1 to 2.12.4 Fixes CVEs - CVE-2021-44228,CVE-2021-44832,CVE-2021-45046,CVE-2021-45105
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 9e55c23..e2617e4 100644
--- a/pom.xml
+++ b/pom.xml
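Review bot: Patch 18 pins `jackson-core` at `2.15.0` while patch 12 leaves `jackson-databind` at `2.13.2.1`, two minor lines apart. Jackson components are meant to run at the same minor version, and a skewed pair is a combination the project does not test. I would align both, for example by importing `com.fasterxml.jackson:jackson-bom` in `dependencyManagement` or by using one shared `jackson.version` property. The chosen version should cover the advisories named in both patches.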
@@ -32,7 +32,7 @@
 org.apache.logging.log4j log4j-core
- 2.14.1
+ 2.17.1
 org.apache.logging.log4j
From 3a8a928dc67b38ee437f1ba1b048a83b986d4585 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:48:38 +0000
Subject: [PATCH 20/22] [lineaje] Update org.apache.commons:commons-configuration2:2.7 to 2.10.1 Fixes CVEs - CVE-2022-33980,CVE-2024-29131,CVE-2024-29133
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index e2617e4..cc6a0af 100644
--- a/pom.xml
+++ b/pom.xml
@@ -127,7 +127,7 @@
 org.apache.commons commons-configuration2
- 2.7
+ 2.10.1
 org.apache.commons
From 124dd942178564e08bf55055781aff8cc69f7da0 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:50:14 +0000
Subject: [PATCH 21/22] [lineaje] Update org.apache.xmlgraphics:xmlgraphics-commons:2.4 to 2.6 Fixes CVEs - CVE-2020-11988
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pom.xml b/pom.xml
index cc6a0af..2d7dd2d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -229,6 +229,11 @@
 jackson-core 2.15.0
+
+ org.apache.xmlgraphics
+ xmlgraphics-commons
+ 2.6
+
From 4ac0770a0fafc5eb889880ba4484065bedfe4b26 Mon Sep 17 00:00:00 2001
From: "lineaje-autofix[bot]"
Date: Fri, 5 Sep 2025 05:51:50 +0000
Subject: [PATCH 22/22] [lineaje] Update org.apache.commons:commons-compress:1.21 to 1.26.0 Fixes CVEs - CVE-2024-25710,CVE-2024-26308,GHSA-4265-CCF5-PHJ5
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 2d7dd2d..029f725 100644
--- a/pom.xml
+++ b/pom.xml
@@ -137,7 +137,7 @@
 org.apache.commons commons-compress
- 1.21
+ 1.26.0
 org.apache.commons
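Review bot: Only `log4j-core` moves to `2.17.1` in patch 19's hunk; the trailing context shows a second `org.apache.logging.log4j` entry starting right after it, and that entry's artifactId and version lie outside the hunk. If it is `log4j-api` or another Log4j module still declared at 2.14.1, the direct declaration wins over what `log4j-core` 2.17.1 expects and the modules run at mismatched versions. I would drive every Log4j artifact from one property, e.g. `<version>${log4j2.version}</version>`, and confirm the resolved versions with `mvn dependency:tree`.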