
Bump org.scala-lang:scala-compiler from 2.10.4 to 2.10.7 in /jOOQ-scala #6

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/maven/jOOQ-scala/org.scala-lang-scala-compiler-2.10.7


@dependabot dependabot bot commented on behalf of github Jul 31, 2025

Bumps org.scala-lang:scala-compiler from 2.10.4 to 2.10.7.

Release notes

Sourced from org.scala-lang:scala-compiler's releases.

Scala 2.10.7 is a maintenance release to bring (partial) Java 9 support to the sbt 0.13 series. A total of three pending backports were merged.

This release addresses (#6128) a privilege escalation vulnerability that was identified in the Scala compilation daemon CVE-2017-15288.

We strongly encourage you to upgrade to the latest stable version of Scala 2.12.x, as the 2.10.x series is no longer actively maintained.

There is a known bug on Java 9 involving the repl: the workaround is to launch it as scala -nobootcp.

More information about the Scala 2.10 series is available in the release notes for Scala 2.10.4. A few more bugs were fixed since then in 2.10.5.

Scala 2.10.6 resolves a license incompatibility in scala.util.Sorting, but is otherwise identical to Scala 2.10.5. A total of three pending backports were merged.

We strongly encourage you to upgrade to the latest stable version of Scala 2.11.x, as the 2.10.x series is no longer actively maintained.

Scala IDE

The current release of Scala IDE supports any 2.10.x release, and is available on the download site.

Release Notes for the Scala 2.10 Series

The release notes for the Scala 2.10 series, which also apply to the current minor release, are available in the release notes for Scala 2.10.4. They contain important information such as:

  • The specification of binary compatibility between minor releases.
  • Details on new features, important changes and deprecations in Scala 2.10.

Commits
  • 89e57bc Merge pull request #6113 from retronym/backport/reflection
  • 4b84876 Move ASM sources back to the original location
  • 2ae75e9 Fixup cherrypick of test case
  • 7e1a4b9 Add MiMa whitelist entries
  • efbd9d5 Limit use of java file manager to JDK 9
  • cd36647 Static calls to interfaces are only allowed with 1.8 classfiles
  • 69b79ba Support -target:jvm1.8, needed to call static methods on Java interfaces
  • c3d8750 Update to scala-asm v5.2.0-scala-2
  • 9ad4757 [backport] SI-9393 fix modifiers of Java annotations
  • ac0c3fc Backport suport for Java 9 platform classpath
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [org.scala-lang:scala-compiler](https://github.com/scala/scala) from 2.10.4 to 2.10.7.
- [Release notes](https://github.com/scala/scala/releases)
- [Commits](scala/scala@v2.10.4...v2.10.7)

---
updated-dependencies:
- dependency-name: org.scala-lang:scala-compiler
  dependency-version: 2.10.7
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the dependencies and java labels on Jul 31, 2025

@jpeaks-eroad

Checkmarx One – Scan Summary & Details 3b33bcaa-112d-4156-9e1a-7c582e087714

New Issues (48)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
CRITICAL CVE-2015-4852 Maven-commons-collections:commons-collections-3.2.1
Recommended version: 3.2.2
Description: The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary comman...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

CRITICAL CVE-2015-7501 Maven-commons-collections:commons-collections-3.2.1
Recommended version: 3.2.2
Description: Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application ...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

CRITICAL CVE-2016-2170 Maven-commons-collections:commons-collections-3.2.1
Recommended version: 3.2.2
Description: Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

CRITICAL CVE-2024-1597 Maven-org.postgresql:postgresql-9.2-1003-jdbc4
Recommended version: 42.2.29
Description: The pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using "PreferQueryMode=SIMPLE". Note this is not the default. In the de...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2014-3643 Maven-com.sun.jersey:jersey-core-1.0.2
Recommended version: 1.13
Description: It was found that external parameter entities were not disabled by the jersey SAX parser. A remote attacker able to send XML requests to a jersey e...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2015-6420 Maven-commons-collections:commons-collections-3.2.1
Recommended version: 3.2.2
Description: Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, a...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2016-5007 Maven-org.springframework:spring-core-3.2.6.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: Both Spring Security Core prior to 4.1.1 and Spring Core prior to 4.3.1, rely on URL pattern mappings for authorization and for mapping requests to...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2016-5007 Maven-org.springframework:spring-core-4.0.7.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: Both Spring Security Core prior to 4.1.1 and Spring Core prior to 4.3.1, rely on URL pattern mappings for authorization and for mapping requests to...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2022-4244 Maven-org.codehaus.plexus:plexus-utils-1.5.15
Recommended version: 3.0.24
Description: A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outs...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2022-45868 Maven-com.h2database:h2-1.3.176
Recommended version: 2.2.220
Description: The web-based admin console in H2 Database Engine versions through 2.1.214 can be started via the CLI with the argument "-webAdminPassword", which ...
Attack Vector: LOCAL
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2022-45868 Maven-com.h2database:h2-1.3.168
Recommended version: 2.2.220
Description: The web-based admin console in H2 Database Engine versions through 2.1.214 can be started via the CLI with the argument "-webAdminPassword", which ...
Attack Vector: LOCAL
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2022-45868 Maven-com.h2database:h2-1.4.181
Recommended version: 2.2.220
Description: The web-based admin console in H2 Database Engine versions through 2.1.214 can be started via the CLI with the argument "-webAdminPassword", which ...
Attack Vector: LOCAL
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2022-45868 Maven-com.h2database:h2-1.4.177
Recommended version: 2.2.220
Description: The web-based admin console in H2 Database Engine versions through 2.1.214 can be started via the CLI with the argument "-webAdminPassword", which ...
Attack Vector: LOCAL
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2022-45868 Maven-com.h2database:h2-1.3.174
Recommended version: 2.2.220
Description: The web-based admin console in H2 Database Engine versions through 2.1.214 can be started via the CLI with the argument "-webAdminPassword", which ...
Attack Vector: LOCAL
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2023-1436 Maven-org.codehaus.jettison:jettison-1.0.1
Recommended version: 1.5.4
Description: An infinite recursion is triggered in Jettison prior to 1.5.4 when constructing a JSONArray from a Collection that contains a self-reference in one...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2023-20883 Maven-org.springframework.boot:spring-boot-autoconfigure-1.1.7.RELEASE
Recommended version: 2.5.15
Description: In org.springframework.boot:spring-boot-autoconfigure versions through 2.5.14, 2.6.0 through 2.6.14, 2.7.0 through 2.7.11, and 3.0.0 through 3.0.6 ...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2023-26464 Maven-log4j:log4j-1.2.16
Recommended version: 1.2.17.redhat-00008
Description: When using the Chainsaw or SocketAppender components with Log4j versions 1.0.4 prior to 2.0, an attacker that manages to cause a logging entry invo...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2023-2976 Maven-com.google.guava:guava-15.0
Recommended version: 32.0.0.jre-redhat-00001
Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 through 31.1-jre on Unix syste...
Attack Vector: LOCAL
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-classic-1.1.2
Recommended version: 1.3.15
Description: A serialization vulnerability in logback receiver component part of logback versions prior to 1.2.13, 1.3.x prior to 1.3.12, and 1.4.x prior to 1.4...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2023-6378 Maven-ch.qos.logback:logback-core-1.1.2
Recommended version: 1.3.15
Description: A serialization vulnerability in logback receiver component part of logback versions prior to 1.2.13, 1.3.x prior to 1.3.12, and 1.4.x prior to 1.4...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

HIGH CVE-2023-6481 Maven-ch.qos.logback:logback-core-1.1.2
Recommended version: 1.3.15
Description: A serialization vulnerability in logback receiver component part of logback versions through 1.2.12, 1.3.x through 1.3.13, and 1.4.x through 1.4.13...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2022-4245 Maven-org.codehaus.plexus:plexus-utils-1.5.15
Recommended version: 3.0.24
Description: A flaw was found in codehaus-plexus versions prior to 3.0.24. The 'org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment' fails to sanitize comme...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2023-20861 Maven-org.springframework:spring-expression-4.0.7.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: In Spring Framework versions prior to 5.2.23.RELEASE, 5.3.x prior to 5.3.26 and 6.0.x prior to 6.0.7 it is possible for a user to provide a special...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2023-20861 Maven-org.springframework:spring-expression-3.2.6.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: In Spring Framework versions prior to 5.2.23.RELEASE, 5.3.x prior to 5.3.26 and 6.0.x prior to 6.0.7 it is possible for a user to provide a special...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2023-20863 Maven-org.springframework:spring-expression-3.2.6.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: In spring framework in versions through 5.2.23.RELEASE, 5.3.0-M1 through 5.3.26, and 6.0.0-M1 through 6.0.7 it is possible for a user to provide a ...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2023-20863 Maven-org.springframework:spring-expression-4.0.7.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: In spring framework in versions through 5.2.23.RELEASE, 5.3.0-M1 through 5.3.26, and 6.0.0-M1 through 6.0.7 it is possible for a user to provide a ...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2024-12798 Maven-ch.qos.logback:logback-classic-1.1.2
Recommended version: 1.3.15
Description: Arbitrary Code Execution vulnerability in "JaninoEventEvaluator" by QOS.CH logback in Java applications, allows attackers to execute arbitrary code...
Attack Vector: LOCAL
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2024-12798 Maven-ch.qos.logback:logback-core-1.1.2
Recommended version: 1.3.15
Description: Arbitrary Code Execution vulnerability in "JaninoEventEvaluator" by QOS.CH logback in Java applications, allows attackers to execute arbitrary code...
Attack Vector: LOCAL
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2024-38808 Maven-org.springframework:spring-expression-4.0.7.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: In Spring Framework versions through 5.3.38, a user can provide a specially crafted Spring Expression Language (SpEL) expression that may cause a D...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2024-38808 Maven-org.springframework:spring-expression-3.2.6.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: In Spring Framework versions through 5.3.38, a user can provide a specially crafted Spring Expression Language (SpEL) expression that may cause a D...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2025-48924 Maven-commons-lang:commons-lang-2.4
Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can throw `StackOverflowError` on very long inpu...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

MEDIUM CVE-2025-48924 Maven-org.apache.commons:commons-lang3-3.1
Recommended version: 3.18.0
Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can throw `StackOverflowError` on very long inpu...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-12801 Maven-ch.qos.logback:logback-core-1.1.2
Recommended version: 1.3.15
Description: Server-Side Request Forgery (SSRF) in "SaxEventRecorder" by QOS.CH logback on the Java platform, allows an attacker to forge requests by compromisi...
Attack Vector: LOCAL
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-context-3.2.6.RELEASE
Recommended version: 6.1.20
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-jdbc-3.2.6.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-core-3.2.6.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-core-4.0.7.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-beans-3.2.6.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-expression-3.2.6.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-beans-4.0.7.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-context-4.0.7.RELEASE
Recommended version: 6.1.20
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-jdbc-4.0.7.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-expression-4.0.7.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-test-3.2.6.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2024-38820 Maven-org.springframework:spring-test-4.0.7.RELEASE
Recommended version: 4.3.30-atlassian-fecru-1
Description: The fix for CVE-2022-22968 made "disallowedFields" patterns in "DataBinder" case-insensitive. However, using "String.toLowerCase()" introduces some...
Attack Vector: NETWORK
Attack Complexity: LOW
Checkmarx Insight: Vulnerable Package

LOW CVE-2025-22233 Maven-org.springframework:spring-5.3.39
Description: CVE-2024-38820 ensured locale-independent, lowercase conversion for both the configured "disallowedFields" patterns and for request parameter names...
Attack Vector: NETWORK
Attack Complexity: HIGH
Checkmarx Insight: Vulnerable Package

LOW CVE-2025-22233 Maven-org.springframework:spring-context-3.2.6.RELEASE
Recommended version: 6.1.20
Description: CVE-2024-38820 ensured locale-independent, lowercase conversion for both the configured "disallowedFields" patterns and for request parameter names...
Attack Vector: NETWORK
Attack Complexity: HIGH
Checkmarx Insight: Vulnerable Package

LOW CVE-2025-22233 Maven-org.springframework:spring-context-4.0.7.RELEASE
Recommended version: 6.1.20
Description: CVE-2024-38820 ensured locale-independent, lowercase conversion for both the configured "disallowedFields" patterns and for request parameter names...
Attack Vector: NETWORK
Attack Complexity: HIGH
Checkmarx Insight: Vulnerable Package

Fixed Issues (24)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
HIGH CVE-2017-15288 Maven-org.scala-lang:scala-compiler-2.10.4
HIGH CVE-2018-1272 Maven-org.springframework:spring-core-3.2.6.RELEASE
HIGH CVE-2018-1272 Maven-org.springframework:spring-core-4.0.7.RELEASE
HIGH Cx6a5f7948-7054 Maven-commons-collections:commons-collections-3.2.1
MEDIUM Absolute_Path_Traversal /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 138
MEDIUM Absolute_Path_Traversal /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 138
MEDIUM CVE-2022-22971 Maven-org.springframework:spring-core-3.2.6.RELEASE
MEDIUM CVE-2022-22971 Maven-org.springframework:spring-core-4.0.7.RELEASE
MEDIUM Hardcoded_password_in_Connection_String /jOOQ-scala/src/test/scala/org/jooq/scala/example/Test.scala: 55
MEDIUM Hardcoded_password_in_Connection_String /jOOQ-scala/src/test/scala/org/jooq/scala/test/MapperTest.scala: 61
MEDIUM Hardcoded_password_in_Connection_String /jOOQ-examples/jOOQ-groovy/src/org/jooq/groovy/GroovyTest.groovy: 11
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 138
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 183
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 138
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 183
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 138
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 183
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 138
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 183
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 138
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 138
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 183
LOW Log_Forging /jOOQ-codegen/src/main/java/org/jooq/util/GenerationTool.java: 183
LOW Use_Of_Hardcoded_Password_In_Config /jOOQ-examples/jOOQ-oracle-example/src/main/resources/config.properties: 5
