@eoftedal
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| com.thoughtworks.xstream:xstream | from 1.4.4 to 1.4.20; 23 versions ahead of your current version | 2 years ago on 2022-12-23 |
| log4j:log4j | from 1.2.16 to 1.2.17; 1 version ahead of your current version | 12 years ago on 2012-05-26 |
| net.sf.saxon:saxon | from 8.5.1 to 8.7; 1 version ahead of your current version | 18 years ago on 2006-04-05 |
| org.codehaus.jackson:jackson-mapper-asl | from 1.7.1 to 1.9.13; 34 versions ahead of your current version | 11 years ago on 2013-07-15 |
| org.slf4j:slf4j-api | from 1.6.1 to 1.7.36; 41 versions ahead of your current version | 3 years ago on 2022-02-08 |
| org.hibernate:hibernate-validator | from 4.2.0.Final to 4.3.2.Final; 6 versions ahead of your current version | 10 years ago on 2014-07-25 |
| org.slf4j:jcl-over-slf4j | from 1.6.1 to 1.7.36; 41 versions ahead of your current version | 3 years ago on 2022-02-08 |
| org.slf4j:slf4j-log4j12 | from 1.6.1 to 1.7.36; 41 versions ahead of your current version | 3 years ago on 2022-02-08 |
| org.springframework:spring-beans | from 4.0.0.RELEASE to 4.3.30.RELEASE; 60 versions ahead of your current version | 4 years ago on 2020-12-09 |
| org.springframework:spring-aop | from 4.0.0.RELEASE to 4.3.30.RELEASE; 60 versions ahead of your current version | 4 years ago on 2020-12-09 |
| org.springframework:spring-expression | from 4.0.0.RELEASE to 4.3.30.RELEASE; 60 versions ahead of your current version | 4 years ago on 2020-12-09 |
| org.springframework:spring-context | from 4.0.0.RELEASE to 4.3.30.RELEASE; 60 versions ahead of your current version | 4 years ago on 2020-12-09 |
| org.springframework:spring-oxm | from 4.0.0.RELEASE to 4.3.30.RELEASE; 60 versions ahead of your current version | 4 years ago on 2020-12-09 |
| org.springframework:spring-web | from 4.0.0.RELEASE to 4.3.30.RELEASE; 60 versions ahead of your current version | 4 years ago on 2020-12-09 |
| org.springframework:spring-webmvc | from 4.0.0.RELEASE to 4.3.30.RELEASE; 60 versions ahead of your current version | 4 years ago on 2020-12-09 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity XML External Entity (XXE) Injection (SNYK-JAVA-ORGSPRINGFRAMEWORK-30159) | 479 | No Known Exploit |
| high severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1040458) | 479 | Proof of Concept |
| high severity Arbitrary Code Execution (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181) | 479 | Proof of Concept |
| high severity XML External Entity (XXE) Injection (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385) | 479 | No Known Exploit |
| high severity Denial of Service (DoS) (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-31394) | 479 | No Known Exploit |
| high severity Arbitrary Code Execution (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182) | 479 | Proof of Concept |
| high severity Remote Code Execution (RCE) (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183) | 479 | Mature |
| high severity Improper Input Validation (SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832) | 479 | No Known Exploit |
| high severity XML External Entity (XXE) Injection (SNYK-JAVA-ORGSPRINGFRAMEWORK-30163) | 479 | No Known Exploit |
| high severity Reflected File Download (SNYK-JAVA-ORGSPRINGFRAMEWORK-30165) | 479 | No Known Exploit |
| high severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088337) | 479 | Proof of Concept |
| high severity Arbitrary Code Execution (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176) | 479 | Proof of Concept |
| high severity Arbitrary Code Execution (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177) | 479 | Proof of Concept |
| high severity Arbitrary Code Execution (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178) | 479 | Proof of Concept |
| high severity Arbitrary Code Execution (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179) | 479 | Proof of Concept |
| high severity Arbitrary Code Execution (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180) | 479 | Proof of Concept |
| high severity Authentication Bypass (SNYK-JAVA-ORGSPRINGFRAMEWORK-536316) | 479 | No Known Exploit |
| high severity Arbitrary Code Execution (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185) | 479 | Proof of Concept |
| high severity Arbitrary Code Execution (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186) | 479 | Proof of Concept |
| high severity Arbitrary Code Execution (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187) | 479 | Proof of Concept |
| high severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190) | 479 | Proof of Concept |
| high severity Server-Side Request Forgery (SSRF) (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191) | 479 | Proof of Concept |
| high severity Denial of Service (DoS) (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-2388977) | 479 | No Known Exploit |
| medium severity JSM bypass via ReflectionHelper (SNYK-JAVA-ORGHIBERNATE-30098) | 479 | No Known Exploit |
| medium severity Denial of Service (DoS) (SNYK-JAVA-ORGSPRINGFRAMEWORK-31328) | 479 | No Known Exploit |
| medium severity Arbitrary File Deletion (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051966) | 479 | Proof of Concept |
| medium severity Server-Side Request Forgery (SSRF) (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1051967) | 479 | Mature |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088328) | 479 | Proof of Concept |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088329) | 479 | Proof of Concept |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088330) | 479 | Proof of Concept |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088331) | 479 | Proof of Concept |
| medium severity Denial of Service (DoS) (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3091180) | 479 | No Known Exploit |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088335) | 479 | Proof of Concept |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088336) | 479 | Proof of Concept |
| medium severity XML External Entity (XXE) Injection (SNYK-JAVA-ORGSPRINGFRAMEWORK-30160) | 479 | No Known Exploit |
| medium severity Denial of Service (DoS) (SNYK-JAVA-ORGSPRINGFRAMEWORK-30164) | 479 | No Known Exploit |
| medium severity Cross-site Request Forgery (CSRF) (SNYK-JAVA-ORGSPRINGFRAMEWORK-31331) | 479 | No Known Exploit |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088338) | 479 | Proof of Concept |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1294540) | 479 | Proof of Concept |
| medium severity Cross-site Scripting (XSS) (SNYK-JAVA-ORGSPRINGFRAMEWORK-30167) | 479 | No Known Exploit |
| medium severity Directory Traversal (SNYK-JAVA-ORGSPRINGFRAMEWORK-30169) | 479 | No Known Exploit |
| medium severity Directory Traversal (SNYK-JAVA-ORGSPRINGFRAMEWORK-32202) | 479 | Proof of Concept |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088332) | 479 | Proof of Concept |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088333) | 479 | Proof of Concept |
| medium severity Deserialization of Untrusted Data (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1088334) | 479 | Proof of Concept |
| medium severity Denial of Service (DoS) (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569189) | 479 | Proof of Concept |
| medium severity Directory Traversal (SNYK-JAVA-ORGSPRINGFRAMEWORK-31325) | 479 | No Known Exploit |
| medium severity Denial of Service (DoS) (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-3182897) | 479 | Proof of Concept |
| medium severity Insecure XML deserialization (SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-460764) | 479 | Mature |
| medium severity XML External Entity (XXE) Injection (SNYK-JAVA-ORGSPRINGFRAMEWORK-30158) | 479 | No Known Exploit |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

Snyk has created this PR to upgrade:
  - com.thoughtworks.xstream:xstream from 1.4.4 to 1.4.20.
    See this package in maven: https://mvnrepository.com/artifact/com.thoughtworks.xstream/xstream/
  - log4j:log4j from 1.2.16 to 1.2.17.
    See this package in maven: https://mvnrepository.com/artifact/log4j/log4j/
  - net.sf.saxon:saxon from 8.5.1 to 8.7.
    See this package in maven: https://mvnrepository.com/artifact/net.sf.saxon/saxon/
  - org.codehaus.jackson:jackson-mapper-asl from 1.7.1 to 1.9.13.
    See this package in maven: https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl/
  - org.slf4j:slf4j-api from 1.6.1 to 1.7.36.
    See this package in maven: https://mvnrepository.com/artifact/org.slf4j/slf4j-api/
  - org.hibernate:hibernate-validator from 4.2.0.Final to 4.3.2.Final.
    See this package in maven: https://mvnrepository.com/artifact/org.hibernate/hibernate-validator/
  - org.slf4j:jcl-over-slf4j from 1.6.1 to 1.7.36.
    See this package in maven: https://mvnrepository.com/artifact/org.slf4j/jcl-over-slf4j/
  - org.slf4j:slf4j-log4j12 from 1.6.1 to 1.7.36.
    See this package in maven: https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/
  - org.springframework:spring-beans from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-beans/
  - org.springframework:spring-aop from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-aop/
  - org.springframework:spring-expression from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-expression/
  - org.springframework:spring-context from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-context/
  - org.springframework:spring-oxm from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-oxm/
  - org.springframework:spring-web from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-web/
  - org.springframework:spring-webmvc from 4.0.0.RELEASE to 4.3.30.RELEASE.
    See this package in maven: https://mvnrepository.com/artifact/org.springframework/spring-webmvc/

See this project in Snyk:
https://app.snyk.io/org/eoftedal/project/13c08cb8-bfda-431d-af1d-8fd8974e912b?utm_source=github&utm_medium=referral&page=upgrade-pr