oracle-devrel
diff --git a/‎.idea/springai-rag-db23ai.iml
Lines changed: 9 additions & 0 deletions b/‎.idea/springai-rag-db23ai.iml
Lines changed: 9 additions & 0 deletions
diff --git a/‎pom.xml
Lines changed: 40 additions & 0 deletions b/‎pom.xml
Lines changed: 40 additions & 0 deletions
@@ -21,6 +21,46 @@
 	</properties>
 	<dependencyManagement>
 		<dependencies>
+			<!-- Update Logback to fix CVE-2023-6378 -->
+			<dependency>
+				<groupId>ch.qos.logback</groupId>
+				<artifactId>logback-classic</artifactId>
+				<version>1.4.14</version>
+			</dependency>
+			<dependency>
+				<groupId>ch.qos.logback</groupId>
+				<artifactId>logback-core</artifactId>
+				<version>1.4.14</version>
+			</dependency>
+
+			<!-- Update Jackson to fix CVE-2023-35116 -->
+			<dependency>
+				<groupId>com.fasterxml.jackson.core</groupId>
+				<artifactId>jackson-databind</artifactId>
+				<version>2.15.3</version>
+			</dependency>
+			<dependency>
+				<groupId>com.fasterxml.jackson.datatype</groupId>
+				<artifactId>jackson-datatype-jdk8</artifactId>
+				<version>2.15.3</version>
+			</dependency>
+			<dependency>
+				<groupId>com.fasterxml.jackson.datatype</groupId>
+				<artifactId>jackson-datatype-jsr310</artifactId>
+				<version>2.15.3</version>
+			</dependency>
+			<dependency>
+				<groupId>com.fasterxml.jackson.module</groupId>
+				<artifactId>jackson-module-parameter-names</artifactId>
+				<version>2.15.3</version>
+			</dependency>
+
+			<!-- Update Commons Compress to fix CVE-2024-25710, CVE-2024-26308, CVE-2023-42503 -->
+			<dependency>
+				<groupId>org.apache.commons</groupId>
+				<artifactId>commons-compress</artifactId>
+				<version>1.24.0</version>
+			</dependency>
 			<dependency>
 				<groupId>org.springframework.ai</groupId>
 				<artifactId>spring-ai-bom</artifactId>