From 1a2f84f7099dd58c0eabca9ebe666f5d348761f3 Mon Sep 17 00:00:00 2001 From: subrata71 Date: Sat, 28 Mar 2026 10:14:08 +0600 Subject: [PATCH 1/2] fix(security): mitigate CVE-2026-22732 by upgrading Spring Boot to 3.5.12 Upgrade Spring Boot from 3.5.11 to 3.5.12, which bundles Spring Security 6.5.9 (patched) and Spring Framework 6.2.17. Pin Lombok to 1.18.42 to avoid a breaking change in 1.18.44 that makes @FieldNameConstants inner class constructors private. --- app/server/pom.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/server/pom.xml b/app/server/pom.xml index 633116ac93d1..2f37c8127972 100644 --- a/app/server/pom.xml +++ b/app/server/pom.xml @@ -7,7 +7,7 @@ org.springframework.boot spring-boot-starter-parent - 3.5.11 + 3.5.12 @@ -30,6 +30,8 @@ 2.17.0 2.17.0 25 + + 1.18.42 true ${java.version} ${java.version} From e2bec36597795a5b783a2bec0e685d56a22c68a3 Mon Sep 17 00:00:00 2001 From: subrata71 Date: Sat, 28 Mar 2026 10:22:18 +0600 Subject: [PATCH 2/2] Apply spotless --- app/server/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/server/pom.xml b/app/server/pom.xml index 2f37c8127972..d79df182814e 100644 --- a/app/server/pom.xml +++ b/app/server/pom.xml @@ -30,9 +30,9 @@ 2.17.0 2.17.0 25 + true 1.18.42 - true ${java.version} ${java.version} 4.4.0
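Review bot: The `1.18.42` pin added in the second hunk of patch 1/2 holds Lombok at a fixed version regardless of what the upgraded Spring Boot parent manages, and nothing visible in the hunk says when it can be removed, so later parent upgrades will leave Lombok frozen without anyone noticing. The added line just above the pin is empty in this rendering; if it is not already an XML comment, add one such as `<!-- Pinned: Lombok 1.18.44 makes @FieldNameConstants inner-class constructors private; remove once the affected call sites are fixed -->`. Because this commit is a CVE mitigation, it is also worth confirming with `mvn dependency:tree` that no module or property override keeps Spring Security below the patched 6.5.9 the description names, which cannot be judged from these hunks. The enclosing properties block begins and ends outside the hunk.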