@JimTharioAmazon
Contributor

Patch for CVE-2025-22235.

🔧 Type of changes

  • new bid adapter
  • bid adapter update
  • new feature
  • new analytics adapter
  • new module
  • module update
  • bugfix
  • documentation
  • configuration
  • dependency update
  • tech debt (test coverage, refactorings, etc.)

✨ What's the context?

Bump spring.boot.version from 3.4.4 to 3.4.5 for CVE-2025-22235.

🧠 Rationale behind the change

Remove high CVE vulnerability.

🔎 New Bid Adapter Checklist

  • verify email contact works
  • NO fully dynamic hostnames
  • geographic host parameters are NOT required
  • direct use of HTTP is prohibited - implement an existing Bidder interface that will do all the job
  • if the ORTB is just forwarded to the endpoint, use the generic adapter - define the new adapter as the alias of the generic adapter
  • cover an adapter configuration with an integration test

🧪 Test plan

Unit tests and functional tests pass after this change.

🏎 Quality check

  • [-] Are your changes following our code style guidelines?
  • [N] Are there any breaking changes in your code?
  • [-] Does your test coverage exceed 90%?
  • [N] Are there any erroneous console logs, debuggers or leftover code in your changes?

@osulzhenko added the "dependencies" (Pull requests that update a dependency file) and "do not port" labels on May 30, 2025
@CTMBNara merged commit fba26a6 into prebid:master on Jun 3, 2025
8 checks passed