build: bumping Undertow and logback versions

This could get rid of CVEs: [CVE-2022-1259] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') [CVE-2023-5379] CWE-770: Allocation of Resources Without Limits or Throttling [CVE-2016-6311] CWE-200: Information Exposure [CVE-2023-6481] CWE-noinfo
FgForrest · Dec 27, 2023 · 8b226fc · 8b226fc
1 parent dec5d56
commit 8b226fc
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/evita_external_api/evita_external_api_core/pom.xml b/evita_external_api/evita_external_api_core/pom.xml
@@ -51,7 +51,7 @@
 		<dependency>
 			<groupId>io.undertow</groupId>
 			<artifactId>undertow-core</artifactId>
-			<version>2.3.5.Final</version>
+			<version>2.3.10.Final</version>
 		</dependency>
 
 		<dependency>

diff --git a/pom.xml b/pom.xml
@@ -104,7 +104,7 @@
 		<java.version>17</java.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<slf4j.version>2.0.7</slf4j.version>
-		<logback.version>1.4.12</logback.version>
+		<logback.version>1.4.14</logback.version>
 		<kryo.version>5.0.3</kryo.version>
 		<jackson.version>2.15.2</jackson.version>
 		<snakeyaml.version>2.2</snakeyaml.version>