Hibernate vulnerability #1771

blootsvoets · 2021-02-04T08:12:14Z

Hibernate has a SQL injection vulnerability in version 5.4.21, which is resolved in version 5.4.24:
https://app.snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-1041788

alex-odysseus · 2021-02-17T11:46:30Z

There were a few attempts to raise the version without success:

We should get back to the topic when the current Spring Boot version 1.5.22.RELEASE is raised to 2.x

Until then the library spring-data-jpa-entity-graph (1.11.03) looks like a cornerstone correlating with Hibernate Core

chrisknoll · 2021-02-17T14:48:37Z

What is the confusion, @blootsvoets ?

blootsvoets · 2021-02-17T16:07:50Z

Ehm, no confusion, just sad that Spring Boot 1.5 and the latest Hibernate versions don't work together nicely.

chrisknoll · 2021-02-17T19:01:19Z

Agreed. For the 3.0 line we'll be bringing everything up to date: JDK 14+ etc.

anthonysena · 2023-04-18T13:38:28Z

Linking this to #2244

anthonysena added this to the V3.0.0. "Atlas 3.0" milestone May 3, 2022

anthonysena added the security label May 3, 2022

chrisknoll mentioned this issue Jul 22, 2022

Bump project to use spring boot 2.x (Spring 1.x is EOL) #2056

Open

alex-odysseus mentioned this issue Oct 4, 2022

Upgraded several libraries and fixed incorrect references in pom. #2092

Closed

alex-odysseus mentioned this issue Apr 13, 2023

Bump hibernate-core from 5.4.2.Final to 5.4.24.Final #1977

Closed

anthonysena added this to Atlas/WebAPI Issue Triage Apr 18, 2023

github-project-automation bot moved this to Needs Review in Atlas/WebAPI Issue Triage Apr 18, 2023

anthonysena moved this from Needs Review to Under Review in Atlas/WebAPI Issue Triage Apr 18, 2023

anthonysena moved this from Under Review to Review Complete in Atlas/WebAPI Issue Triage Apr 18, 2023

Provide feedback