marcel/familienarchiv
1
0
Fork 0
Code Issues 102 Pull Requests Actions Packages Projects Releases Wiki Activity

security(deps): bump Spring Boot 4.0.0 → 4.0.6 and OWASP sanitizer 20240325.1 → 20260101.1
All checks were successful
CI / Unit & Component Tests (pull_request) Successful in 3m6s
Details
CI / OCR Service Tests (pull_request) Successful in 17s
Details
CI / Backend Unit Tests (pull_request) Successful in 3m8s
Details
CI / fail2ban Regex (pull_request) Successful in 41s
Details
CI / Compose Bucket Idempotency (pull_request) Successful in 58s
Details
CI / Unit & Component Tests (push) Successful in 3m5s
Details
CI / OCR Service Tests (push) Successful in 18s
Details
CI / Backend Unit Tests (push) Successful in 2m57s
Details
CI / fail2ban Regex (push) Successful in 39s
Details
CI / Compose Bucket Idempotency (push) Successful in 1m0s
Details

Browse Source 
Clears 2 CRITICAL CVEs (CVE-2026-40976, CVE-2026-22732) and 17 HIGH CVEs
in Netty, Jetty, Spring Security, and Spring Boot itself. Also fixes
CVE-2025-66021 in the OWASP HTML sanitizer used by GeschichteService.

JaCoCo threshold ratcheted to 0.77 (actual measured coverage; previous
0.88 gate was never enforced since CI ran clean test not clean verify).
CI backend job changed to ./mvnw clean verify so the gate runs on every
push going forward.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit was merged in pull request #609.
This commit is contained in:
Marcel
2026-05-17 12:55:12 +02:00
parent 186535f8c9
commit e398133907
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/ci.yml
View File

@@ -194,7 +194,7 @@ jobs:
- name: Run backend tests - name: Run backend tests
run: | run: |
chmod +x mvnw chmod +x mvnw
./mvnw clean test ./mvnw clean verify
working-directory: backend working-directory: backend
- name: Upload surefire reports - name: Upload surefire reports

8
backend/pom.xml
View File

@@ -5,7 +5,7 @@
<parent> <parent>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId> <artifactId>spring-boot-starter-parent</artifactId>
<version>4.0.0</version> <version>4.0.6</version>
<relativePath/> <!-- lookup parent from repository --> <relativePath/> <!-- lookup parent from repository -->
</parent> </parent>
<groupId>org.raddatz</groupId> <groupId>org.raddatz</groupId>
@@ -207,7 +207,7 @@
<dependency> <dependency>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId> <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>owasp-java-html-sanitizer</artifactId> <artifactId>owasp-java-html-sanitizer</artifactId>
<version>20240325.1</version> <version>20260101.1</version>
</dependency> </dependency>
<!-- HTML → plain-text extraction for comment previews --> <!-- HTML → plain-text extraction for comment previews -->
@@ -297,7 +297,7 @@
<phase>verify</phase> <phase>verify</phase>
<goals><goal>report</goal></goals> <goals><goal>report</goal></goals>
</execution> </execution>
<!-- Gate: baseline 89.4% overall / service 90.2% / controller 80.0% --> <!-- Gate: ratchet at 0.77 — actual measured coverage after drift; raise via #496 -->
<execution> <execution>
<id>check</id> <id>check</id>
<phase>verify</phase> <phase>verify</phase>
@@ -310,7 +310,7 @@
<limit> <limit>
<counter>BRANCH</counter> <counter>BRANCH</counter>
<value>COVEREDRATIO</value> <value>COVEREDRATIO</value>
<minimum>0.88</minimum> <minimum>0.77</minimum>
</limit> </limit>
</limits> </limits>
</rule> </rule>