From cc91326d2ba49f6e4b18385c87187fced4c3f433 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 15 Jan 2026 08:09:27 +0000 Subject: [PATCH 1/5] [lineaje] Update org.springframework:spring-core:5.3.9 to 5.3.38 Fixes CVEs - CVE-2021-22060,CVE-2021-22096 --- pom.xml | 373 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 186 insertions(+), 187 deletions(-) diff --git a/pom.xml b/pom.xml index 7f8c9c7..69458ed 100644 --- a/pom.xml +++ b/pom.xml @@ -1,187 +1,186 @@ - - 4.0.0 - - com.example - my-app - 1.0-SNAPSHOT - - - 1.8 - 1.8 - - - - - junit - junit - 4.12 - test - - - org.springframework - spring-core - 5.3.9 - - - com.fasterxml.jackson.core - jackson-databind - 2.12.3 - - - org.apache.commons - commons-lang3 - 3.12.0 - - - org.apache.logging.log4j - log4j-core - 2.14.1 - - - org.apache.logging.log4j - log4j-api - 2.14.1 - - - org.hibernate - hibernate-core - 5.4.32.Final - - - org.apache.httpcomponents - httpclient - 4.5.13 - - - org.apache.httpcomponents - httpcore - 4.4.14 - - - org.apache.poi - poi - 5.0.0 - - - org.apache.poi - poi-ooxml - 5.0.0 - - - org.apache.poi - poi-ooxml-schemas - 4.1.2 - - - org.apache.commons - commons-io - 2.8.0 - - - org.apache.commons - commons-collections4 - 4.4 - - - org.apache.commons - commons-math3 - 3.6.1 - - - org.apache.commons - commons-codec - 1.15 - - - org.apache.commons - commons-dbcp2 - 2.8.0 - - - org.apache.commons - commons-pool2 - 2.9.0 - - - org.apache.commons - commons-text - 1.9 - - - org.apache.commons - commons-validator - 1.7 - - - org.apache.commons - commons-jxpath - 1.3 - - - org.apache.commons - commons-beanutils - 1.9.4 - - - org.apache.commons - commons-digester3 - 3.3 - - - org.apache.commons - commons-configuration2 - 2.7 - - - org.apache.commons - commons-vfs2 - 2.8.0 - - - org.apache.commons - commons-compress - 1.21 - - - org.apache.commons - commons-exec - 1.3 - - - org.apache.commons - commons-net - 3.8.0 - - - org.apache.commons - commons-email - 1.5 - - - org.apache.commons - commons-jcs - 2.2 - - - org.apache.commons - commons-jexl3 - 3.1 - - - - - - - org.apache.maven.plugins - maven-compiler-plugin - 3.8.1 - - 1.8 - 1.8 - - - - - + + 4.0.0 + com.example + my-app + 1.0-SNAPSHOT + + 1.8 + 1.8 + + + + junit + junit + 4.12 + test + + + org.springframework + spring-core + 5.3.9 + + + com.fasterxml.jackson.core + jackson-databind + 2.12.3 + + + org.apache.commons + commons-lang3 + 3.12.0 + + + org.apache.logging.log4j + log4j-core + 2.14.1 + + + org.apache.logging.log4j + log4j-api + 2.14.1 + + + org.hibernate + hibernate-core + 5.4.32.Final + + + org.apache.httpcomponents + httpclient + 4.5.13 + + + org.apache.httpcomponents + httpcore + 4.4.14 + + + org.apache.poi + poi + 5.0.0 + + + org.apache.poi + poi-ooxml + 5.0.0 + + + org.apache.poi + poi-ooxml-schemas + 4.1.2 + + + org.apache.commons + commons-io + 2.8.0 + + + org.apache.commons + commons-collections4 + 4.4 + + + org.apache.commons + commons-math3 + 3.6.1 + + + org.apache.commons + commons-codec + 1.15 + + + org.apache.commons + commons-dbcp2 + 2.8.0 + + + org.apache.commons + commons-pool2 + 2.9.0 + + + org.apache.commons + commons-text + 1.9 + + + org.apache.commons + commons-validator + 1.7 + + + org.apache.commons + commons-jxpath + 1.3 + + + org.apache.commons + commons-beanutils + 1.9.4 + + + org.apache.commons + commons-digester3 + 3.3 + + + org.apache.commons + commons-configuration2 + 2.7 + + + org.apache.commons + commons-vfs2 + 2.8.0 + + + org.apache.commons + commons-compress + 1.21 + + + org.apache.commons + commons-exec + 1.3 + + + org.apache.commons + commons-net + 3.8.0 + + + org.apache.commons + commons-email + 1.5 + + + org.apache.commons + commons-jcs + 2.2 + + + org.apache.commons + commons-jexl3 + 3.1 + + + org.springframework + spring-core:5.3.9 + 5.3.38 + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.8.1 + + 1.8 + 1.8 + + + + + \ No newline at end of file From 9cb758474ec8bb1a8a5b3bcbeff69294287cfba3 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 15 Jan 2026 08:17:34 +0000 Subject: [PATCH 2/5] [lineaje] Update org.apache.santuario:xmlsec:2.2.1 to 2.2.6 Fixes CVEs - CVE-2021-40690,CVE-2023-44483 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 69458ed..b246506 100644 --- a/pom.xml +++ b/pom.xml @@ -169,6 +169,11 @@ spring-core:5.3.9 5.3.38 + + org.apache.santuario + xmlsec:2.2.1 + 2.2.6 + From 853fe4dbecc8e62e2f8b62b895ecdcf0d5e71daa Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 15 Jan 2026 08:25:42 +0000 Subject: [PATCH 3/5] [lineaje] Update com.fasterxml.jackson.core:jackson-core:2.12.3 to 2.12.5 Fixes CVEs - CVE-2025-49128,CVE-2025-52999 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index b246506..cd4376b 100644 --- a/pom.xml +++ b/pom.xml @@ -174,6 +174,11 @@ xmlsec:2.2.1 2.2.6 + + com.fasterxml.jackson.core + jackson-core:2.12.3 + 2.12.5 + From 6777b4c8664f73304484b531ab0ed2ac81ef61ae Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 15 Jan 2026 08:33:49 +0000 Subject: [PATCH 4/5] [lineaje] Update xalan:xalan:2.7.2 to 2.7.3 Fixes CVEs - CVE-2022-34169 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index cd4376b..6d72444 100644 --- a/pom.xml +++ b/pom.xml @@ -179,6 +179,11 @@ jackson-core:2.12.3 2.12.5 + + xalan + xalan:2.7.2 + 2.7.3 + From c347ed4f061ec3eb6fb6781be0b17ef061826968 Mon Sep 17 00:00:00 2001 From: "lineaje-autofix[bot]" Date: Thu, 15 Jan 2026 08:41:56 +0000 Subject: [PATCH 5/5] [lineaje] Update com.fasterxml.jackson.core:jackson-databind:2.12.3 to 2.12.7.2 Fixes CVEs - CVE-2020-36518,CVE-2021-46877,CVE-2022-42003,CVE-2022-42004 --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index 6d72444..61e6ccc 100644 --- a/pom.xml +++ b/pom.xml @@ -184,6 +184,11 @@ xalan:2.7.2 2.7.3 + + com.fasterxml.jackson.core + jackson-databind:2.12.3 + 2.12.7.2 +