From cbbcbaaa5fa6b378807a35b6b4fe48a9ea89ae29 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Wed, 18 Jun 2025 11:49:13 +0000
Subject: [PATCH] fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-10363252
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-10345766
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 4af6d87744..fa92acb725 100644
--- a/pom.xml
+++ b/pom.xml
@@ -285,7 +285,7 @@
         <commons.configuration.version>1.10</commons.configuration.version>
         <commons.csv.version>1.0</commons.csv.version>
         <commons.digester.version>2.1</commons.digester.version>
-        <commons.fileupload.version>1.3.1</commons.fileupload.version>
+        <commons.fileupload.version>1.6.0</commons.fileupload.version>
         <commons.httpclient.version>3.1</commons.httpclient.version>
         <commons.io.version>2.4</commons.io.version>
         <commons.lang.version>3.3.2</commons.lang.version>
@@ -311,7 +311,7 @@
         <servlet-api.version>3.1.0</servlet-api.version>
         <sitemesh.version>2.4.2</sitemesh.version>
         <slf4j.version>1.7.10</slf4j.version>
-        <spring.version>6.1.14</spring.version>
+        <spring.version>6.1.21</spring.version>
         <spring-ldap.version>2.0.2.RELEASE</spring-ldap.version>
         <springsecurity.version>6.4.6</springsecurity.version>
         <javax-el.version>2.2.4</javax-el.version>