From e3981339070b5b4d75d22b2688d100c697947053 Mon Sep 17 00:00:00 2001 From: Marcel Date: Sun, 17 May 2026 12:55:12 +0200 Subject: [PATCH] =?UTF-8?q?security(deps):=20bump=20Spring=20Boot=204.0.0?= =?UTF-8?q?=20=E2=86=92=204.0.6=20and=20OWASP=20sanitizer=2020240325.1=20?= =?UTF-8?q?=E2=86=92=2020260101.1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Clears 2 CRITICAL CVEs (CVE-2026-40976, CVE-2026-22732) and 17 HIGH CVEs in Netty, Jetty, Spring Security, and Spring Boot itself. Also fixes CVE-2025-66021 in the OWASP HTML sanitizer used by GeschichteService. JaCoCo threshold ratcheted to 0.77 (actual measured coverage; previous 0.88 gate was never enforced since CI ran clean test not clean verify). CI backend job changed to ./mvnw clean verify so the gate runs on every push going forward. Co-Authored-By: Claude Sonnet 4.6 --- .gitea/workflows/ci.yml | 2 +- backend/pom.xml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 8052a602..bd4a6cac 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -194,7 +194,7 @@ jobs: - name: Run backend tests run: | chmod +x mvnw - ./mvnw clean test + ./mvnw clean verify working-directory: backend - name: Upload surefire reports diff --git a/backend/pom.xml b/backend/pom.xml index 0dd83185..d82d3ad0 100644 --- a/backend/pom.xml +++ b/backend/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 4.0.0 + 4.0.6 org.raddatz @@ -207,7 +207,7 @@ com.googlecode.owasp-java-html-sanitizer owasp-java-html-sanitizer - 20240325.1 + 20260101.1 @@ -297,7 +297,7 @@ verify report - + check verify @@ -310,7 +310,7 @@ BRANCH COVEREDRATIO - 0.88 + 0.77