From 9f7c57644e8c7f681bd338c9ad9eaf7ad138fc29 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Sat, 23 Aug 2025 09:05:18 +0000
Subject: [PATCH] fix: pom.xml & threadfix-sonar-plugin/pom.xml to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-12008931
---
 pom.xml                        | 2 +-
 threadfix-sonar-plugin/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 0e2886c089..a7f77482e2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -313,7 +313,7 @@
         <slf4j.version>1.7.10</slf4j.version>
         <spring.version>6.1.20</spring.version>
         <spring-ldap.version>2.0.2.RELEASE</spring-ldap.version>
-        <springsecurity.version>6.4.6</springsecurity.version>
+        <springsecurity.version>6.4.9</springsecurity.version>
         <javax-el.version>2.2.4</javax-el.version>
         <spring-ws.version>4.0.15</spring-ws.version>
         <tfs-library.version>11.0.0</tfs-library.version>
diff --git a/threadfix-sonar-plugin/pom.xml b/threadfix-sonar-plugin/pom.xml
index 93c8a20a98..1ad5423c97 100644
--- a/threadfix-sonar-plugin/pom.xml
+++ b/threadfix-sonar-plugin/pom.xml
@@ -151,7 +151,7 @@
         <!-- This means we must use a compatible version of hibernate -->
         <hibernate.version>3.3.2.GA</hibernate.version>
         <!-- Unfortunately Spring 4 only supports hibernate 3.6+. This is the most recent 3.x release -->
-        <spring.version>3.2.13.RELEASE</spring.version>
+        <spring.version>6.2.10</spring.version>
     </properties>
 
     <modelVersion>4.0.0</modelVersion>