diff --git a/build.gradle b/build.gradle
index 10c8e02b7a..0efa56a43b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -91,6 +91,12 @@ subprojects {
                 }
                 because 'Fixes CVE-2023-39410.'
             }
+            implementation('org.apache.commons:commons-configuration2') {
+                version {
+                    require '2.11.0'
+                }
+                because 'Fixes CVE-2024-29131 and CVE-2024-29133.'
+            }
             implementation('org.apache.httpcomponents:httpclient') {
                 version {
                     require '4.5.14'
diff --git a/settings.gradle b/settings.gradle
index 8ca5760be3..3524edaee3 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -46,7 +46,7 @@ dependencyResolutionManagement {
             version('opensearch', '1.3.14')
             library('opensearch-client', 'org.opensearch.client', 'opensearch-rest-client').versionRef('opensearch')
             library('opensearch-rhlc', 'org.opensearch.client', 'opensearch-rest-high-level-client').versionRef('opensearch')
-            version('spring', '5.3.28')
+            version('spring', '5.3.39')
             library('spring-core', 'org.springframework', 'spring-core').versionRef('spring')
             library('spring-context', 'org.springframework', 'spring-context').versionRef('spring')
             version('bouncycastle', '1.78.1')