Upgrade to Groovy 2.4.4

Typically, a Spring Boot maintenance release would not move to a new minor version of a dependency. However there is a security vulnerability in Groovy [1] and 2.4.4 is the only release which contains a fix for it. The commit upgrades to 2.4.4, thereby ensuring that users of Groovy are not vulnerable by default. Users of Groovy whose applications are not affected by the vulnerability may choose to downgrade back to 2.3.11 by overriding Spring Boot's dependency management. Closes gh-3540 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253

Upgrade to Groovy 2.4.4
Typically, a Spring Boot maintenance release would not move to a new minor version of a dependency. However there is a security vulnerability in Groovy [1] and 2.4.4 is the only release which contains a fix for it. The commit upgrades to 2.4.4, thereby ensuring that users of Groovy are not vulnerable by default. Users of Groovy whose applications are not affected by the vulnerability may choose to downgrade back to 2.3.11 by overriding Spring Boot's dependency management. Closes gh-3540 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253
9b6538d5 · Andy Wilkinson · d2d71934 · 9b6538d5
Commit 9b6538d5 authored Jul 22, 2015 by Andy Wilkinson
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

pom.xml spring-boot-dependencies/pom.xml +1 -1

No files found.
--- a/spring-boot-dependencies/pom.xml
+++ b/spring-boot-dependencies/pom.xml
@@ -66,7 +66,7 @@
 		<gemfire.version>7.0.2</gemfire.version>
 		<glassfish-el.version>3.0.0</glassfish-el.version>
 		<gradle.version>1.6</gradle.version>
-		<groovy.version>2.3.11</groovy.version>
+		<groovy.version>2.4.4</groovy.version>
 		<gson.version>2.3.1</gson.version>
 		<h2.version>1.4.187</h2.version>
 		<hamcrest.version>1.3</hamcrest.version>