Skip to content

GEODE-10572: Remediation of CVE-2025-22235#7993

Merged
JinwooHwang merged 1 commit intoapache:developfrom
JinwooHwang:feature/GEODE-10572
Mar 13, 2026
Merged

GEODE-10572: Remediation of CVE-2025-22235#7993
JinwooHwang merged 1 commit intoapache:developfrom
JinwooHwang:feature/GEODE-10572

Conversation

@JinwooHwang
Copy link
Contributor

@JinwooHwang JinwooHwang commented Mar 12, 2026

Summary

Upgrades Spring Boot from 3.3.5 to 3.3.13 to address security vulnerabilities reported in CVE-2025-22235.

Changes

  • DependencyConstraints.groovy: bumped springboot.version to 3.3.13
  • boms/geode-all-bom/src/test/resources/expected-pom.xml: updated versions to 3.3.13; added missing spring-boot-starter-validation and spring-boot-autoconfigure entries
  • geode-assembly/src/integrationTest/resources/assembly_content.txt: updated spring-boot jar versions
  • geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt: updated spring-boot jar versions
  • geode-server-all/src/integrationTest/resources/dependency_classpath.txt: updated spring-boot jar versions

For all changes, please confirm:

  • Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
  • Has your PR been rebased against the latest commit within the target branch (typically develop)?
  • Is your initial contribution a single, squashed commit?
  • Does gradlew build run cleanly?
  • Have you written or updated unit tests to verify your changes?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?

@JinwooHwang
Copy link
Contributor Author

JinwooHwang commented Mar 12, 2026

Thank you very much @marinov-code

@JinwooHwang JinwooHwang force-pushed the feature/GEODE-10572 branch 2 times, most recently from 2b90279 to 736e230 Compare March 13, 2026 10:01
@JinwooHwang JinwooHwang force-pushed the feature/GEODE-10572 branch from 736e230 to ee1350a Compare March 13, 2026 12:40
@JinwooHwang JinwooHwang merged commit 4bd2b9f into apache:develop Mar 13, 2026
14 of 15 checks passed
JinwooHwang added a commit that referenced this pull request Mar 13, 2026
@JinwooHwang
GEODE-10572: Upgrade Spring Boot to 3.3.13 (#7993)
7cd3770
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marinov-code marinov-code marinov-code approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JinwooHwang @marinov-code