From a84b4796d711571a806d9a654cc2dd3eb521d68a Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Sun, 7 Sep 2025 10:21:01 +0000
Subject: [PATCH] fix: threadfix-offline/pom.xml & pom.xml to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-30077
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-12008931
- https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-10259368
---
 pom.xml                   | 2 +-
 threadfix-offline/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 0e2886c089..fb2cee599b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -311,7 +311,7 @@
         <servlet-api.version>3.1.0</servlet-api.version>
         <sitemesh.version>2.4.2</sitemesh.version>
         <slf4j.version>1.7.10</slf4j.version>
-        <spring.version>6.1.20</spring.version>
+        <spring.version>6.2.10</spring.version>
         <spring-ldap.version>2.0.2.RELEASE</spring-ldap.version>
         <springsecurity.version>6.4.6</springsecurity.version>
         <javax-el.version>2.2.4</javax-el.version>
diff --git a/threadfix-offline/pom.xml b/threadfix-offline/pom.xml
index 5448c30058..308402ce19 100644
--- a/threadfix-offline/pom.xml
+++ b/threadfix-offline/pom.xml
@@ -94,7 +94,7 @@
         <dependency>
             <groupId>commons-validator</groupId>
             <artifactId>commons-validator</artifactId>
-            <version>1.4.0</version>
+            <version>1.10.0</version>
             <scope>provided</scope>
         </dependency>
         <dependency>