From 8a1f88edfdd8c88353120254392b149097b4accd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 6 Jan 2026 22:52:10 +0000 Subject: [PATCH 1/2] Initial plan From 7a31af806b2aa2b43aaf0ed78cdf911b45068752 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 6 Jan 2026 23:04:13 +0000 Subject: [PATCH 2/2] Fix CVE-2022-22965: Upgrade Spring Boot to 2.6.6 (includes Spring Framework 5.3.18) Co-authored-by: glennthomas1 <79942138+glennthomas1@users.noreply.github.com> --- build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index 3a9a458..8bc5172 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -35,7 +35,7 @@ dependencies { implementation ("org.apache.commons:commons-lang3:3.9") implementation ("org.apache.commons:commons-collections4:4.4") - implementation ("org.springframework.boot:spring-boot-starter-web:2.5.10") // Secure and stable + implementation ("org.springframework.boot:spring-boot-starter-web:2.6.6") // Patched for CVE-2022-22965 (Spring4Shell) // Upgrade to Log4j2 which resolves vulnerabilities found in Log4j 1.x implementation ("org.apache.logging.log4j:log4j-core:2.14.1")