From 6e3c49ec6cb06a048a221e359982bde24456191a Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:27:24 +0000 Subject: [PATCH 01/13] [lineaje] Update org.apache.xmlgraphics:batik-transcoder:1.13 to 1.17 Fixes CVEs - CVE-2022-44729 --- pom.xml | 373 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 186 insertions(+), 187 deletions(-) diff --git a/pom.xml b/pom.xml index 7f8c9c7..2c352f0 100644 --- a/pom.xml +++ b/pom.xml @@ -1,187 +1,186 @@ - - 4.0.0 - - com.example - my-app - 1.0-SNAPSHOT - - - 1.8 - 1.8 - - - - - junit - junit - 4.12 - test - - - org.springframework - spring-core - 5.3.9 - - - com.fasterxml.jackson.core - jackson-databind - 2.12.3 - - - org.apache.commons - commons-lang3 - 3.12.0 - - - org.apache.logging.log4j - log4j-core - 2.14.1 - - - org.apache.logging.log4j - log4j-api - 2.14.1 - - - org.hibernate - hibernate-core - 5.4.32.Final - - - org.apache.httpcomponents - httpclient - 4.5.13 - - - org.apache.httpcomponents - httpcore - 4.4.14 - - - org.apache.poi - poi - 5.0.0 - - - org.apache.poi - poi-ooxml - 5.0.0 - - - org.apache.poi - poi-ooxml-schemas - 4.1.2 - - - org.apache.commons - commons-io - 2.8.0 - - - org.apache.commons - commons-collections4 - 4.4 - - - org.apache.commons - commons-math3 - 3.6.1 - - - org.apache.commons - commons-codec - 1.15 - - - org.apache.commons - commons-dbcp2 - 2.8.0 - - - org.apache.commons - commons-pool2 - 2.9.0 - - - org.apache.commons - commons-text - 1.9 - - - org.apache.commons - commons-validator - 1.7 - - - org.apache.commons - commons-jxpath - 1.3 - - - org.apache.commons - commons-beanutils - 1.9.4 - - - org.apache.commons - commons-digester3 - 3.3 - - - org.apache.commons - commons-configuration2 - 2.7 - - - org.apache.commons - commons-vfs2 - 2.8.0 - - - org.apache.commons - commons-compress - 1.21 - - - org.apache.commons - commons-exec - 1.3 - - - org.apache.commons - commons-net - 3.8.0 - - - org.apache.commons - commons-email - 1.5 - - - org.apache.commons - commons-jcs - 2.2 - - - org.apache.commons - commons-jexl3 - 3.1 - - - - - - - org.apache.maven.plugins - maven-compiler-plugin - 3.8.1 - - 1.8 - 1.8 - - - - - + + 4.0.0 + com.example + my-app + 1.0-SNAPSHOT + + 1.8 + 1.8 + + + + junit + junit + 4.12 + test + + + org.springframework + spring-core + 5.3.9 + + + com.fasterxml.jackson.core + jackson-databind + 2.12.3 + + + org.apache.commons + commons-lang3 + 3.12.0 + + + org.apache.logging.log4j + log4j-core + 2.14.1 + + + org.apache.logging.log4j + log4j-api + 2.14.1 + + + org.hibernate + hibernate-core + 5.4.32.Final + + + org.apache.httpcomponents + httpclient + 4.5.13 + + + org.apache.httpcomponents + httpcore + 4.4.14 + + + org.apache.poi + poi + 5.0.0 + + + org.apache.poi + poi-ooxml + 5.0.0 + + + org.apache.poi + poi-ooxml-schemas + 4.1.2 + + + org.apache.commons + commons-io + 2.8.0 + + + org.apache.commons + commons-collections4 + 4.4 + + + org.apache.commons + commons-math3 + 3.6.1 + + + org.apache.commons + commons-codec + 1.15 + + + org.apache.commons + commons-dbcp2 + 2.8.0 + + + org.apache.commons + commons-pool2 + 2.9.0 + + + org.apache.commons + commons-text + 1.9 + + + org.apache.commons + commons-validator + 1.7 + + + org.apache.commons + commons-jxpath + 1.3 + + + org.apache.commons + commons-beanutils + 1.9.4 + + + org.apache.commons + commons-digester3 + 3.3 + + + org.apache.commons + commons-configuration2 + 2.7 + + + org.apache.commons + commons-vfs2 + 2.8.0 + + + org.apache.commons + commons-compress + 1.21 + + + org.apache.commons + commons-exec + 1.3 + + + org.apache.commons + commons-net + 3.8.0 + + + org.apache.commons + commons-email + 1.5 + + + org.apache.commons + commons-jcs + 2.2 + + + org.apache.commons + commons-jexl3 + 3.1 + + + org.apache.xmlgraphics + batik-transcoder:1.13 + 1.17 + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.8.1 + + 1.8 + 1.8 + + + + + \ No newline at end of file From 47764139d28b0264a2bad00f66f3e5ed1b7091f8 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:29:31 +0000 Subject: [PATCH 02/13] [lineaje] Update org.apache.poi:poi-ooxml:5.0.0 to 5.4.0 Fixes CVEs - CVE-2025-31672 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 2c352f0..5e8322f 100644 --- a/pom.xml +++ b/pom.xml @@ -169,6 +169,11 @@ batik-transcoder:1.13 1.17 + + org.apache.poi + poi-ooxml:5.0.0 + 5.4.0 + From 621c81d53987fb2b2eb813d45271ee7390adeda5 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:32:40 +0000 Subject: [PATCH 03/13] [lineaje] Update org.springframework:spring-core:5.3.9 to 5.3.14 Fixes CVEs - CVE-2021-22060,CVE-2021-22096 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 5e8322f..c16edf1 100644 --- a/pom.xml +++ b/pom.xml @@ -174,6 +174,11 @@ poi-ooxml:5.0.0 5.4.0 + + org.springframework + spring-core:5.3.9 + 5.3.14 + From ab955cd4278eccd392c439e61031f5ef62054f20 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:35:20 +0000 Subject: [PATCH 04/13] [lineaje] Update xalan:xalan:2.7.2 to 2.7.3 Fixes CVEs - CVE-2022-34169 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index c16edf1..a45a778 100644 --- a/pom.xml +++ b/pom.xml @@ -179,6 +179,11 @@ spring-core:5.3.9 5.3.14 + + xalan + xalan:2.7.2 + 2.7.3 + From 242859d650228e9b9bee2a51a39ac32aa2cf76bf Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:39:03 +0000 Subject: [PATCH 05/13] [lineaje] Update org.apache.santuario:xmlsec:2.2.1 to 2.2.3 Fixes CVEs - CVE-2021-40690,CVE-2023-44483 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index a45a778..12340c8 100644 --- a/pom.xml +++ b/pom.xml @@ -184,6 +184,11 @@ xalan:2.7.2 2.7.3 + + org.apache.santuario + xmlsec:2.2.1 + 2.2.3 + From fe5b98694555189f23de8b2ca43e8c8fe64a659f Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:42:12 +0000 Subject: [PATCH 06/13] [lineaje] Update com.fasterxml.woodstox:woodstox-core:5.2.1 to 5.4.0 Fixes CVEs - CVE-2022-40152 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 12340c8..d48f551 100644 --- a/pom.xml +++ b/pom.xml @@ -189,6 +189,11 @@ xmlsec:2.2.1 2.2.3 + + com.fasterxml.woodstox + woodstox-core:5.2.1 + 5.4.0 + From e4c4c04b09961b12a0bf2e8b8451efb99872c174 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:43:47 +0000 Subject: [PATCH 07/13] [lineaje] Update org.apache.xmlgraphics:batik-bridge:1.13 to 1.17 Fixes CVEs - CVE-2022-44729 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index d48f551..db694f2 100644 --- a/pom.xml +++ b/pom.xml @@ -194,6 +194,11 @@ woodstox-core:5.2.1 5.4.0 + + org.apache.xmlgraphics + batik-bridge:1.13 + 1.17 + From 441bcae569a5f4275f78a09ef40d7ab35d684929 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:47:01 +0000 Subject: [PATCH 08/13] [lineaje] Update org.apache.xmlgraphics:batik-script:1.13 to 1.17 Fixes CVEs - CVE-2022-44730 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index db694f2..500761a 100644 --- a/pom.xml +++ b/pom.xml @@ -199,6 +199,11 @@ batik-bridge:1.13 1.17 + + org.apache.xmlgraphics + batik-script:1.13 + 1.17 + From 8c30d17ca4ced53bdf92f04ef12f1cbbdccf8b7f Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:48:38 +0000 Subject: [PATCH 09/13] [lineaje] Update com.fasterxml.jackson.core:jackson-core:2.12.3 to 2.15.0 Fixes CVEs - CVE-2025-49128,GHSA-H46C-H94J-95F3,GHSA-WF8F-6423-GFXG --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 500761a..ed2d8ee 100644 --- a/pom.xml +++ b/pom.xml @@ -204,6 +204,11 @@ batik-script:1.13 1.17 + + com.fasterxml.jackson.core + jackson-core:2.12.3 + 2.15.0 + From 4cdc2d5c0cc71d55e0279d84a0172ed496d57bf9 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:50:44 +0000 Subject: [PATCH 10/13] [lineaje] Update org.apache.logging.log4j:log4j-core:2.14.1 to 2.12.4 Fixes CVEs - CVE-2021-44228,CVE-2021-44832,CVE-2021-45046,CVE-2021-45105 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index ed2d8ee..da9fc12 100644 --- a/pom.xml +++ b/pom.xml @@ -209,6 +209,11 @@ jackson-core:2.12.3 2.15.0 + + org.apache.logging.log4j + log4j-core:2.14.1 + 2.12.4 + From 4218abdfc7588efca09deae03fe91471d57d8b09 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:53:28 +0000 Subject: [PATCH 11/13] [lineaje] Update org.apache.commons:commons-text:1.9 to 1.10.0 Fixes CVEs - CVE-2022-42889 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index da9fc12..36bcd35 100644 --- a/pom.xml +++ b/pom.xml @@ -214,6 +214,11 @@ log4j-core:2.14.1 2.12.4 + + org.apache.commons + commons-text:1.9 + 1.10.0 + From 47301eca8a40612a7ab669d3dfbfbcd6df726ac9 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:56:37 +0000 Subject: [PATCH 12/13] [lineaje] Update org.apache.xmlgraphics:xmlgraphics-commons:2.4 to 2.6 Fixes CVEs - CVE-2020-11988 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 36bcd35..851c706 100644 --- a/pom.xml +++ b/pom.xml @@ -219,6 +219,11 @@ commons-text:1.9 1.10.0 + + org.apache.xmlgraphics + xmlgraphics-commons:2.4 + 2.6 + From e79135a608d17d8f719ef9158d1e93fa6651c95c Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Sun, 21 Dec 2025 19:58:44 +0000 Subject: [PATCH 13/13] [lineaje] Update org.apache.commons:commons-configuration2:2.7 to 2.10.1 Fixes CVEs - CVE-2022-33980,CVE-2024-29131,CVE-2024-29133 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 851c706..0aad753 100644 --- a/pom.xml +++ b/pom.xml @@ -224,6 +224,11 @@ xmlgraphics-commons:2.4 2.6 + + org.apache.commons + commons-configuration2:2.7 + 2.10.1 +