Skip to content

Migrate to springboot 3.2 #1349

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Apr 25, 2024
Merged

Migrate to springboot 3.2 #1349

merged 12 commits into from
Apr 25, 2024

Conversation

cbellone
Copy link
Member

Bump Spring Boot version to 3.2 + fix compilation / configuration errors

@cbellone cbellone requested a review from syjer April 19, 2024 13:04
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 19, 2024
View reviewed changes
src/main/java/alfio/config/authentication/APITokenAuthWebSecurity.java
Comment on lines +104 to +106
return http.securityMatchers(matchers -> matchers.requestMatchers(RequestTypeMatchers::isTokenAuthentication))
.sessionManagement(management -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.csrf(AbstractHttpConfigurer::disable)

Check failure

Code scanning / CodeQL

Disabled Spring CSRF protection

CSRF vulnerability due to protection being disabled.
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 19, 2024
View reviewed changes
src/main/java/alfio/manager/FileDownloadManager.java
@@ -42,8 +46,8 @@
}

public DownloadedFile downloadFile(String url) {
HttpRequest httpRequest = HttpRequest.newBuilder(URI.create(url)).GET().build();
HttpResponse<byte[]> response = null;
HttpRequest httpRequest = HttpRequest.newBuilder(URI.create(requireNonNull(StringUtils.trimToNull(url)))).GET().build();

Check failure

Code scanning / CodeQL

Server-side request forgery

Potential server-side request forgery due to a [user-provided value](1). Potential server-side request forgery due to a [user-provided value](2). Potential server-side request forgery due to a [user-provided value](3). Potential server-side request forgery due to a [user-provided value](4).
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
11 New issues
0 Accepted issues

Measures
0 Security Hotspots
58.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@syjer syjer merged commit 79c73ab into main Apr 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@syjer syjer syjer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cbellone @syjer