From 9b83665cebfb968c2a4d805e8975e5684bfdc4a5 Mon Sep 17 00:00:00 2001
From: Peter Chen <peter-h.chen@broadcom.com>
Date: Tue, 29 Oct 2024 14:41:20 -0700
Subject: [PATCH] Bump spring security to 5.8.15

- fixes https://nvd.nist.gov/vuln/detail/CVE-2024-38821
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index 86af36be0..9126e9bbd 100644
--- a/build.gradle
+++ b/build.gradle
@@ -55,7 +55,7 @@ buildscript {
     // spring-boot 2.7.18 provides spring-security 5.7.11, which has
     // CVE-2024-22257. So, override that with spring-security 5.7 latest patch
     // version. This should be removed once spring-boot version is bumped.
-    ext['spring-security.version'] = '5.8.14'
+    ext['spring-security.version'] = '5.8.15'
 
     // spring-boot 2.7.18 has dependency to io.netty 4.1.101, which has
     // CVE-2024-29025. So override it with the latest patch.