[Snyk-dev] Fix for 11 vulnerabilities

[andreeaneata]

Snyk has created this PR to fix 11 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• todolist-goof/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Remote Code Execution SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751	919	org.springframework:spring-aspects: 3.2.6.RELEASE -> 3.2.7.RELEASE org.springframework:spring-context: 3.2.6.RELEASE -> 5.2.22.RELEASE org.springframework:spring-orm: 3.2.6.RELEASE -> 5.2.22.RELEASE Major version upgrade Mature
	XML External Entity (XXE) Injection SNYK-JAVA-DOM4J-174153	696	org.hibernate:hibernate-core: 4.3.7.Final -> 5.4.24.Final Major version upgrade Proof of Concept
	SQL Injection SNYK-JAVA-ORGHIBERNATE-1041788	635	org.hibernate:hibernate-core: 4.3.7.Final -> 5.4.24.Final org.hibernate:hibernate-entitymanager: 4.3.7.Final -> 5.4.24.Final Major version upgrade No Known Exploit
	SQL Injection SNYK-JAVA-ORGHIBERNATE-584563	619	org.hibernate:hibernate-core: 4.3.7.Final -> 5.4.24.Final org.hibernate:hibernate-entitymanager: 4.3.7.Final -> 5.4.24.Final Major version upgrade No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-DOM4J-2812975	584	org.hibernate:hibernate-core: 4.3.7.Final -> 5.4.24.Final Major version upgrade No Known Exploit
	Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634	506	org.springframework:spring-aspects: 3.2.6.RELEASE -> 3.2.7.RELEASE org.springframework:spring-context: 3.2.6.RELEASE -> 5.2.22.RELEASE Major version upgrade Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828	479	org.springframework:spring-context: 3.2.6.RELEASE -> 5.2.22.RELEASE Major version upgrade No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313	479	org.springframework:spring-aspects: 3.2.6.RELEASE -> 3.2.7.RELEASE org.springframework:spring-context: 3.2.6.RELEASE -> 5.2.22.RELEASE org.springframework:spring-orm: 3.2.6.RELEASE -> 5.2.22.RELEASE Major version upgrade No Known Exploit
	Directory Traversal SNYK-JAVA-ORGSPRINGFRAMEWORK-31325	479	org.springframework:spring-aspects: 3.2.6.RELEASE -> 3.2.7.RELEASE org.springframework:spring-context: 3.2.6.RELEASE -> 5.2.22.RELEASE org.springframework:spring-orm: 3.2.6.RELEASE -> 5.2.22.RELEASE No Known Exploit
	Improper Output Neutralization for Logs SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097	429	org.springframework:spring-aspects: 3.2.6.RELEASE -> 3.2.7.RELEASE org.springframework:spring-context: 3.2.6.RELEASE -> 5.2.22.RELEASE org.springframework:spring-orm: 3.2.6.RELEASE -> 5.2.22.RELEASE Major version upgrade No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878	429	org.springframework:spring-aspects: 3.2.6.RELEASE -> 3.2.7.RELEASE org.springframework:spring-context: 3.2.6.RELEASE -> 5.2.22.RELEASE org.springframework:spring-orm: 3.2.6.RELEASE -> 5.2.22.RELEASE Major version upgrade No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 XML External Entity (XXE) Injection
🦉 SQL Injection
🦉 Improper Output Neutralization for Logs
🦉 More lessons are available in Snyk Learn