Skip to content

Security Fixes for security vulnerabilities#535

Merged
PujaDeshmukh17 merged 7 commits into
developfrom
RBSDMS-sdmSecurityFix-feature
Jul 10, 2026
Merged

Security Fixes for security vulnerabilities#535
PujaDeshmukh17 merged 7 commits into
developfrom
RBSDMS-sdmSecurityFix-feature

Conversation

@PujaDeshmukh17

@PujaDeshmukh17 PujaDeshmukh17 commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Describe your changes

This PR upgrades several transitive and direct dependencies in sdm/pom.xml to address known security vulnerabilities and keep dependency versions current.

Dependency Old Version New Version Reason
jackson-databind 2.18.6 2.18.9 Fixes GHSA-226 (CWE-915): case-insensitive deserialization bypass of per-property @JsonIgnoreProperties, allowing mass-assignment-style writes to ignored fields
httpcore5 5.3.3 5.4.3 Patch upgrade for Apache HttpComponents Core 5
httpcore5-h2 (new) 5.4.3 Explicit pin of the HTTP/2 module to match httpcore5 version and avoid transitive version mismatch
httpcore-nio (new) 4.4.16 Explicit pin of the legacy NIO module to resolve transitive version ambiguity

Any documentation

Before library upgrade

image

After library upgrade
image

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist before requesting a review

  • I follow Java Development Guidelines for SAP
  • I have tested the functionality on my cloud environment.
  • I have provided sufficient automated/ unit tests for the code.
  • I have increased or maintained the test coverage.
  • I have ran integration tests on my cloud environment.
  • I have validated blackduck portal for any vulnerability after my commit.

Upload Screenshots/lists of the scenarios tested

  • I have Uploaded Screenshots or added lists of the scenarios tested in description

@PujaDeshmukh17
PujaDeshmukh17 merged commit fcdd7fa into develop Jul 10, 2026
9 checks passed
@PujaDeshmukh17
PujaDeshmukh17 deleted the RBSDMS-sdmSecurityFix-feature branch July 10, 2026 08:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants