Update dependency org.springframework.amqp:spring-rabbit to v3 - autoclosed #34

@mend-for-github-com mend-for-github-com bot commented Dec 19, 2023

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.springframework.amqp:spring-rabbit | compile | major | 1.7.1.RELEASE -> 3.1.0 |

By merging this PR, the issue #25 will be automatically resolved and closed:

| Severity | CVSS Score | CVE | Reachability |
|---|---|---|---|
| Critical | 10.0 | CVE-2018-14721 | Reachable |
| Critical | 9.8 | CVE-2017-15095 | Reachable |
| Critical | 9.8 | CVE-2017-17485 | Reachable |
| Critical | 9.8 | CVE-2017-7525 | Reachable |
| Critical | 9.8 | CVE-2018-11307 | Reachable |
| Critical | 9.8 | CVE-2018-14718 | Reachable |
| Critical | 9.8 | CVE-2018-14719 | Reachable |
| Critical | 9.8 | CVE-2018-14720 | Reachable |
| Critical | 9.8 | CVE-2018-19360 | Reachable |
| Critical | 9.8 | CVE-2018-19361 | Reachable |
| Critical | 9.8 | CVE-2018-19362 | Reachable |
| Critical | 9.8 | CVE-2018-7489 | Reachable |
| Critical | 9.8 | CVE-2019-10202 | Reachable |
| Critical | 9.8 | CVE-2019-14379 | Reachable |
| Critical | 9.8 | CVE-2019-14540 | Reachable |
| Critical | 9.8 | CVE-2019-14892 | Reachable |
| Critical | 9.8 | CVE-2019-14893 | Reachable |
| Critical | 9.8 | CVE-2019-16335 | Reachable |
| Critical | 9.8 | CVE-2019-16942 | Reachable |
| Critical | 9.8 | CVE-2019-16943 | Reachable |
| Critical | 9.8 | CVE-2019-17267 | Reachable |
| Critical | 9.8 | CVE-2019-17531 | Reachable |
| Critical | 9.8 | CVE-2019-20330 | Reachable |
| Critical | 9.8 | CVE-2020-8840 | Reachable |
| Critical | 9.8 | CVE-2020-9546 | Reachable |
| Critical | 9.8 | CVE-2020-9547 | Reachable |
| Critical | 9.8 | CVE-2020-9548 | Reachable |
| High | 8.8 | CVE-2020-10672 | Reachable |
| High | 8.8 | CVE-2020-10673 | Reachable |
| High | 8.8 | CVE-2020-10968 | Reachable |
| High | 8.8 | CVE-2020-10969 | Reachable |
| High | 8.8 | CVE-2020-11111 | Reachable |
| High | 8.8 | CVE-2020-11112 | Reachable |
| High | 8.8 | CVE-2020-11113 | Reachable |
| High | 8.1 | CVE-2018-5968 | Reachable |
| High | 8.1 | CVE-2020-10650 | |
| High | 8.1 | CVE-2020-11619 | Reachable |
| High | 8.1 | CVE-2020-11620 | Reachable |
| High | 8.1 | CVE-2020-14060 | Reachable |
| High | 8.1 | CVE-2020-14061 | Reachable |
| High | 8.1 | CVE-2020-14062 | Reachable |
| High | 8.1 | CVE-2020-14195 | Reachable |
| High | 8.1 | CVE-2020-24616 | Reachable |
| High | 8.1 | CVE-2020-24750 | Reachable |
| High | 8.1 | CVE-2020-36179 | Reachable |
| High | 8.1 | CVE-2020-36180 | Reachable |
| High | 8.1 | CVE-2020-36181 | Reachable |
| High | 8.1 | CVE-2020-36182 | Reachable |
| High | 8.1 | CVE-2020-36183 | Reachable |
| High | 8.1 | CVE-2020-36184 | Reachable |
| High | 8.1 | CVE-2020-36185 | Reachable |
| High | 8.1 | CVE-2020-36186 | Reachable |
| High | 8.1 | CVE-2020-36187 | Reachable |
| High | 8.1 | CVE-2020-36188 | Reachable |
| High | 8.1 | CVE-2020-36189 | Reachable |
| High | 8.1 | CVE-2021-20190 | Reachable |
| High | 7.5 | CVE-2018-12022 | Reachable |
| High | 7.5 | CVE-2018-12023 | Reachable |
| High | 7.5 | CVE-2019-12086 | Reachable |
| High | 7.5 | CVE-2019-14439 | Reachable |
| High | 7.5 | CVE-2020-36518 | Reachable |
| High | 7.5 | CVE-2022-42003 | Reachable |
| High | 7.5 | CVE-2022-42004 | |
| High | 7.5 | CVE-2023-46120 | |
| Medium | 6.5 | CVE-2018-1257 | Reachable |
| Medium | 6.5 | CVE-2022-22971 | Reachable |
| Medium | 6.5 | WS-2019-0379 | Reachable |
| Medium | 5.9 | CVE-2019-12384 | Reachable |
| Medium | 5.9 | CVE-2019-12814 | Reachable |
| Medium | 5.3 | CVE-2020-13956 | Reachable |
| Medium | 5.3 | WS-2017-3734 | Reachable |
| Medium | 4.3 | CVE-2023-34050 | Unreachable |


Release Notes

spring-projects/spring-amqp (org.springframework.amqp:spring-rabbit)

v3.1.0

🐞 Bug Fixes

  • Stream/Queue size in bytes (x-max-length-bytes) #​2552
  • Fix Super Stream Example in Docs #​2546

🔨 Dependency Upgrades

🔨 Tasks

  • Unable to connect to RabbitMQ Stream #​2522

v3.0.13

🐞 Bug Fixes

  • Memory leak with AsyncRabbitTemplate #​2678
  • DefaultMessagePropertiesConverter#toMessageProperties should handle x-delay in Short #​2668

🔨 Dependency Upgrades

  • Bump io.projectreactor:reactor-bom from 2022.0.17 to 2022.0.18 #​2686
  • Bump com.github.luben:zstd-jni from 1.5.6-1 to 1.5.6-2 #​2674

v3.0.12

🐞 Bug Fixes

  • Channel cache leak when no answers from broker for pending confirms #​2641
  • Kotlin suspend functions return type is incorrect #​2639

🔨 Dependency Upgrades

  • Bump io.projectreactor:reactor-bom from 2022.0.16 to 2022.0.17 #​2664
  • Bump org.testcontainers:testcontainers-bom from 1.19.6 to 1.19.7 #​2650
  • Bump org.testcontainers:testcontainers-bom from 1.19.5 to 1.19.6 #​2636

v3.0.11

🐞 Bug Fixes

  • Wrong ClassLoader is used for message deserialization when devtools are active #​2610
  • The SimpleMessageListenerContainer does not shutdown properly #​2594
  • CachingConnectionFactory leaks channels during connection resets when used in a SimpleMessageContainer #​2569
  • Fix Super Stream Example in Docs #​2548

🔨 Dependency Upgrades

  • Bump org.springframework.data:spring-data-bom from 2022.0.11 to 2022.0.12 #​2634
  • Bump kotlinVersion from 1.7.21 to 1.7.22 #​2633
  • Bump io.micrometer:micrometer-bom from 1.10.12 to 1.10.13 #​2632
  • Bump org.springframework.retry:spring-retry from 2.0.4 to 2.0.5 #​2631
  • Bump io.micrometer:micrometer-tracing-bom from 1.0.11 to 1.0.12 #​2630
  • Bump ch.qos.logback:logback-classic from 1.4.4 to 1.4.14 #​2629
  • Bump io.projectreactor:reactor-bom from 2022.0.12 to 2022.0.16 #​2628
  • Bump org.testcontainers:testcontainers-bom from 1.19.2 to 1.19.5 #​2627
  • Bump org.junit:junit-bom from 5.9.2 to 5.9.3 #​2626

v3.0.10

🐞 Bug Fixes

  • Ignore Kotlin Continuation Parameter While Inferring Conversion Type #​2533

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Data, Retry, Reactor, Micrometer Versions #​2544

v3.0.9

🔨 Dependency Upgrades

  • Upgrade Spring, Data, Retry, Reactor, Micrometer, Jackson Versions #​2525

🔨 Tasks

  • Output of asciidoctorPdf can be pulled from cache when run on machines with different checkout directories #​2520

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​erichaagdev

v3.0.8

⭐ New Features

  • Clear Deferred Channel Close Executor #​2508
  • Add maxInboundMessageSize to RabbitConnectionFactoryBean #​2497
  • Add forceStop to Container Factories #​2492

🐞 Bug Fixes

  • Regression: ApplicationContext.stop() Hangs for 30s When Inactive Container(s) Present #​2513
  • Redeclaration of manually declared objects fail if objects with different types have the same name #​2501

🔨 Dependency Upgrades

  • Upgrade Reactor Version to 2020.0.35 #​2514

v3.0.7

⭐ New Features

  • Add forceStop to Container Factories #​2490

🐞 Bug Fixes

  • Spring AMQP artifacts have not published associated .module files needed by Gradle. #​2493

v3.0.6

🐞 Bug Fixes

  • Ensure Strict Ordering with Single Active and Exclusive Consumers #​2482

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Data, Micrometer, Reactor Versions #​2489
  • Upgrade amqp-client Version #​2485

v3.0.5

⭐ New Features

  • Add Observation to Stream Components #​2467
  • Invoke RabbitListenerErrorHandler with Async Return Types #​2461
  • Add Kotlin Coroutine support #​1210

🐞 Bug Fixes

  • AmqpException when testing @RabbitListener with @RabbitHandler #​2456
  • setRedeclareManualDeclarations not honoured if no queue beans declared #​2452
  • If there is no regular AMQP activity in the application, the RabbitAdmin does not declare Rabbit entities #​2451

📔 Documentation

  • Improve Docs for Choosing a Connection Factory #​2473
  • Adding SSL configuration through RabbitConnectionFactoryBean approach into the documentation #​2472
  • Fix typo in stream.adoc #​2466
  • Aligned client connection order reference. #​2459

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Data, Retry, Micrometer, Reactor Versions #​2477

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dlehammer and @​making

v3.0.4

⭐ New Features

🐞 Bug Fixes

  • Spring amqp doesnt support more than 1 server-named/anonymous queues #​2439
  • Missing @RabbitHandler method triggers an infinite retry loop #​2437
  • AMLC.redeclareElementsIfNecessary does not take into account Declarables #​2432

📔 Documentation

  • Document CorrelationData.getReturned() #​2447
  • Consider to add Rabbit Stream auto-creation hook #​2445
  • Document "send and receive" methods return value after a timeout #​1410

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Data, Micrometer, Reactor, JUnit Versions #​2450

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​EldarErel

v3.0.3

🐞 Bug Fixes

  • NPE in AbstractConnectionFactory that causes connection listeners to be skipped #​2425

🔨 Dependency Upgrades

  • Upgrade Micrometer, Reactor, Spring Versions #​2433

v3.0.2

🐞 Bug Fixes

  • Run callback for shutdown also when container is already shut down #​1562

📔 Documentation

🔨 Dependency Upgrades

  • Upgrade Jackson, Micrometer, Reactor, Spring Data, Spring Framework Versions #​2422

🔨 Tasks

  • Irrelevant values in CachingConnectionFactory#toString #​1560

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GonMMarques and @​timbq

v3.0.1

🐞 Bug Fixes

📔 Documentation

  • Fix typo in amqp.adoc #​1547
  • Fix Documentation For Containers with Zero Queues #​1541
  • Missing Javadocs for MessageProperties.expiration #​1539

🔨 Dependency Upgrades

  • Upgrade Spring, Micrometer, Reactor Versions #​1556

🔨 Tasks

  • Fix Testcontainer Tests With No Docker Running #​1552
  • AMQP-52:Remove Obsolete MessageProperties Comments #​1546

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GonMMarques

v3.0.0

⭐ New Features

  • Add ability to set consumer priority with AmqpTemplate #​1533
  • Fix type pollution RabbitListenerAnnotationBeanPostProcessor #​1528
  • add support for the configuration of multiple ContainerCustomizer at a time #​1517
  • Flooding of 'Failed to check/redeclare auto-delete queue(s)' error messages #​1477
  • Set replyPostProcessor default value from the message container factory #​1425
  • Improve Extensibility of RepublishMessageRecoverer #​1382

🐞 Bug Fixes

  • Transactional channel is always closed after commit when using ThreadChannelConnectionFactory as publisher #​1524

📔 Documentation

🔨 Dependency Upgrades

  • Spring Data 2022.0.0, Framework 6.0.0, Retry 2.0.0 #​1538
  • Hibernate Validation 8.0.0-final, Micrometer 1.10.1, Mockito 4.8.1, Reactor 2022.0.0, TestContainers 1.17.6 #​1537

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GonMMarques

v2.4.17

⭐ New Features

🐞 Bug Fixes

  • Ignore Kotlin Continuation Parameter While Inferring Conversion Type #​2534

🔨 Dependency Upgrades

v2.4.16

⭐ New Features

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Reactor Versions #​2524

v2.4.15

⭐ New Features

  • Clear Deferred Channel Close Executor #​2508
  • Add maxInboundMessageSize to RabbitConnectionFactoryBean #​2497
  • Add forceStop to Container Factories #​2492

🐞 Bug Fixes

  • Regression: ApplicationContext.stop() Hangs for 30s When Inactive Container(s) Present #​2513
  • Redeclaration of manually declared objects fail if objects with different types have the same name #​2501

🔨 Dependency Upgrades

  • Upgrade Reactor Version to 2020.0.35 #​2514

v2.4.14

🐞 Bug Fixes

  • Ensure Strict Ordering with Single Active and Exclusive Consumers #​2484

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Reactor Versions #​2488
  • Upgrade amqp-client Version #​2486

v2.4.13

🐞 Bug Fixes

  • If there is no regular AMQP activity in the application, the RabbitAdmin does not declare Rabbit entities #​2464
  • AmqpException when testing @RabbitListener with @RabbitHandler #​2458
  • setRedeclareManualDeclarations not honoured if no queue beans declared #​2454

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Reactor Versions #​2476

v2.4.12

⭐ New Features

🐞 Bug Fixes

  • Missing @RabbitHandler method triggers an infinite retry loop #​2444
  • Spring amqp doesnt support more than 1 server-named/anonymous queues #​2442
  • AMLC.redeclareElementsIfNecessary does not take into account Declarables #​2435

🔨 Dependency Upgrades

  • Upgrade Spring Framework, Reactor, CommonsHttp #​2449

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​EldarErel

v2.4.11

🐞 Bug Fixes

  • NPE in AbstractConnectionFactory that causes connection listeners to be skipped #​2427

🔨 Dependency Upgrades

  • Upgrade Spring Framework to 5.3.26 #​2431

v2.4.10

🐞 Bug Fixes

  • GH-1561: SimpleMessageListenerContainer: Delayed shutdown because callback is not run #​1563

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​timbq

v2.4.9

🐞 Bug Fixes

📔 Documentation

  • Fix Documentation For Containers with Zero Queues #​1542
  • Missing Javadocs for MessageProperties.expiration #​1540

🔨 Dependency Upgrades

  • Upgrade Spring, Micrometer, Reactor Versions #​1555

v2.4.8

Change log:

34d9da7 Upgrade Versions; Prepare for Release
11d4282 GH-1533: Template Receive with Consumer Args
0ff3eb9 Fix typo in amqp.adoc
64e9f13 GH-1382: Sonar Issues
ddc32a3 GH-1382: Republish Recoverer Improvements
06ba396 GH-1528: Fix Possible Type Pollution
8dea23b GH-1524: Fix ThreadChannelCF with Transactional
9242967 GH-1477: Reduce Log Noise While Broker Down
399eff9 GH-1517: Fix Javadoc, CheckStyle
76a4b87 GH-1517: Add Since Tag
b63cd5b GH-1517: Docs and Polishing for Composite Cust.
b3bab6b GH-1517: Add CompositeContainerCustomizer
3c957f9 Sonar Fix
93ad8dd GH-1419: Increase New Code Test Coverage
fc984e0 GH-1419: Fix Local Node Name in Tests
c2c534d GH-1419: Sonar Fixes
1713452 GH-1419: Fix Early Exit in NodeLocator
6e3e246 GH-1419: Remove RabbitMQ http-client Usage

v2.4.7

Change log:

5017e03 Upgrade Versions; Prepare for Release
2746ebe GH-1473: Revert CompletableFuture Changes
e8f12b2 GH-1449: Fix Auto Recovery Docs
08b7171 GH-1494: Fix Test Harness with @​Repeatable
a8470fd Improve Stream Template Test Coverage
88734c3 GH-1491: Fix Fallback When Parameter is Optional
caa5052 GH-1491: Fix Possible NPE
38e0803 GH-1487: Countdown not active AsyncMProcConsumer
3d3dfa5 GH-1491: Support Optional/null Payloads
67bfec9 GH-1480: Switch to CompletableFuture in s-r-stream
9e04fb1 Fix Javadoc in the AsyncRabbitTemplate2
038f8f6 GH-1473: Move RabbitFutures to Top Level Classes
819630c Fix Sonar Issue
fac71c4 GH-1473: Fix Unused Import
[439ccd1](https://togithub.com/spring-projects

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Dec 19, 2023
@mend-for-github-com mend-for-github-com bot changed the title Update dependency org.springframework.amqp:spring-rabbit to v3 Update dependency org.springframework.amqp:spring-rabbit to v3 - autoclosed Apr 3, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/org.springframework.amqp-spring-rabbit-3.x branch April 3, 2024 00:29
@mend-for-github-com mend-for-github-com bot changed the title Update dependency org.springframework.amqp:spring-rabbit to v3 - autoclosed Update dependency org.springframework.amqp:spring-rabbit to v3 Apr 4, 2024
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/org.springframework.amqp-spring-rabbit-3.x branch April 4, 2024 06:10
@mend-for-github-com mend-for-github-com bot reopened this Apr 4, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/org.springframework.amqp-spring-rabbit-3.x branch from f59c36e to 1409373 Compare April 4, 2024 06:10
@mend-for-github-com mend-for-github-com bot changed the title Update dependency org.springframework.amqp:spring-rabbit to v3 Update dependency org.springframework.amqp:spring-rabbit to v3 - autoclosed Apr 18, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/org.springframework.amqp-spring-rabbit-3.x branch April 18, 2024 12:55