From 44d489a73c1d86bd12c51fae548a5f05cb61d0bb Mon Sep 17 00:00:00 2001 From: Julian Ladisch Date: Wed, 15 Jan 2025 16:32:01 +0100 Subject: [PATCH] EDGCSOFT-79: Spring Boot 3.2.12 fixing tomcat-embed-core vulns https://folio-org.atlassian.net/browse/EDGCSOFT-79 Upgrade Spring Boot from 3.2.6 to 3.2.12 in the b2.2 Quesnelia branch. This fixes these security vulnerabilities: * https://www.cve.org/CVERecord?id=CVE-2024-38286 tomcat-embed-core OutOfMemoryError in TLS 1.3 * https://www.cve.org/CVERecord?id=CVE-2024-34750 tomcat-embed-core HTTP/2 stream causing an out-of-memory error or exhausting maxConnections --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index fe5b735..401079c 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.boot spring-boot-starter-parent - 3.2.6 + 3.2.12
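Review bot: The version change on spring-boot-starter-parent in the pom.xml hunk (`3.2.6` to `3.2.12`) addresses the two tomcat-embed-core CVEs only indirectly, through the Tomcat version the parent manages, and neither the commit message nor the hunk records which tomcat-embed-core version that resolves to. Consider stating the resolved version in the commit message, taken from `mvn dependency:tree -Dincludes=org.apache.tomcat.embed:tomcat-embed-core`, so the fix can be checked against the CVE records. Also confirm that nothing else in pom.xml overrides the managed version (a `tomcat.version` property or an explicit tomcat-embed-core dependency), since the 7 lines of context in this hunk do not show the rest of the file.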