From 67e4d1a61d4f0586150a968e69751aad4977b97a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 4 Dec 2025 04:45:01 +0000 Subject: [PATCH 1/2] Initial plan From b844668cc43d3869385d7168f93f8385bd23b1ec Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 4 Dec 2025 04:50:47 +0000 Subject: [PATCH 2/2] Upgrade Spring Boot to 3.4.0 (Spring Framework 6.2.0) to fix CVE-2016-1000027 Co-authored-by: pagarwal-dev <224537592+pagarwal-dev@users.noreply.github.com> --- build.gradle.kts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index 3a9a458..a095a55 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -8,6 +8,11 @@ plugins { group = "org.example" version = "1.0-SNAPSHOT" +java { + sourceCompatibility = JavaVersion.VERSION_17 + targetCompatibility = JavaVersion.VERSION_17 +} + repositories { mavenCentral() } @@ -35,7 +40,7 @@ dependencies { implementation ("org.apache.commons:commons-lang3:3.9") implementation ("org.apache.commons:commons-collections4:4.4") - implementation ("org.springframework.boot:spring-boot-starter-web:2.5.10") // Secure and stable + implementation ("org.springframework.boot:spring-boot-starter-web:3.4.0") // Updated to Spring Framework 6.2.x to fix CVE-2016-1000027 // Upgrade to Log4j2 which resolves vulnerabilities found in Log4j 1.x implementation ("org.apache.logging.log4j:log4j-core:2.14.1")