Upgrade to Groovy 2.4.4

wilkinsona · wilkinsona · commit 9b6538d5bd6d · 2015-07-22T10:33:15.000+01:00
Typically, a Spring Boot maintenance release would not move to a new minor version of a dependency. However there is a security vulnerability in Groovy [1] and 2.4.4 is the only release which contains a fix for it. The commit upgrades to 2.4.4, thereby ensuring that users of Groovy are not vulnerable by default. Users of Groovy whose applications are not affected by the vulnerability may choose to downgrade back to 2.3.11 by overriding Spring Boot's dependency management. Closes gh-3540 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
diff --git a/spring-boot-dependencies/pom.xml b/spring-boot-dependencies/pom.xml
@@ -66,7 +66,7 @@
 		<gemfire.version>7.0.2</gemfire.version>
 		<glassfish-el.version>3.0.0</glassfish-el.version>
 		<gradle.version>1.6</gradle.version>
-		<groovy.version>2.3.11</groovy.version>
+		<groovy.version>2.4.4</groovy.version>
 		<gson.version>2.3.1</gson.version>
 		<h2.version>1.4.187</h2.version>
 		<hamcrest.version>1.3</hamcrest.version>
