
[Snyk] Fix for 2 vulnerabilities #1

Open
pavelbe4solutions wants to merge 1 commit into master from snyk-fix-338846c93c08adeb050a35a612637214

Conversation

@pavelbe4solutions

Snyk has created this PR to fix 2 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

  • Issue: medium severity, Denial of Service (DoS), SNYK-JAVA-ORGSPRINGFRAMEWORK-7687447
    Score: 545
    Upgrade: org.springframework:spring-web 5.3.31 -> 5.3.38; org.springframework:spring-webmvc 5.3.31 -> 5.3.39
    Reachability: No Path Found; Exploit maturity: No Known Exploit
  • Issue: medium severity, Allocation of Resources Without Limits or Throttling, SNYK-JAVA-ORGSPRINGFRAMEWORK-7687446
    Score: 465
    Upgrade: org.springframework:spring-context 5.3.31 -> 5.3.39; org.springframework:spring-webmvc 5.3.31 -> 5.3.39
    Reachability: No Path Found; Exploit maturity: No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.



dryrunsecurity bot commented Aug 15, 2024

DryRun Security Summary

The pull request focuses on improving the configuration and deployment of the OWASP Benchmark application, including updating the pom.xml file with various dependencies and plugins, adding Maven profiles to configure the deployment using different application servers and security tools, and improving the security aspects of the application.


Summary:

The changes made in this pull request are focused on improving the configuration and deployment of the OWASP Benchmark application. The key changes include updating the pom.xml file to include various dependencies and plugins, such as Apache Directory Server, Spring, Hibernate, and Tomcat, as well as adding several Maven profiles to configure the deployment of the application using different application servers and security tools (Contrast Security, Seeker, CxIAST, and HCL).

From an application security perspective, the inclusion of the FindSecBugs plugin and the integration with various security tools suggest that the project maintainers are committed to improving the security of the OWASP Benchmark application. The use of Tomcat as the application server and the configuration of the Tomcat connector settings (e.g., SSL/TLS protocol, keystore, etc.) indicate that the project is considering secure deployment of the application in a production environment. Overall, the changes in this pull request appear to be focused on improving the build, deployment, and security aspects of the OWASP Benchmark application, which is in line with the project's goals.

Files Changed:

  • pom.xml: The pom.xml file has been updated to include various dependencies and plugins for the project, such as Apache Directory Server, Spring, Hibernate, and Tomcat. The build configuration has been updated to include several Maven profiles, each with specific settings for deploying the application, including profiles for enabling the FindSecBugs plugin and configuring the deployment of the application using different application servers and security tools (Contrast Security, Seeker, CxIAST, and HCL). The changes in the patch section involve updating the reference tags in the maven-antrun-plugin configuration, which are used to run Ant targets for starting the LDAP server, database server, and database initialization as part of the deployment process.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer                    Findings
Sensitive Files Analyzer    1 finding

Riskiness

🟢 Risk threshold not exceeded.
