diff --git a/owasp-false-positive-warnings.xml b/owasp-false-positive-warnings.xml
index 2be044c9e3c86fec2050474a77168442f3daf326..c2fa230b197eea5d73a87f129904e4fac789a5e1 100644
--- a/owasp-false-positive-warnings.xml
+++ b/owasp-false-positive-warnings.xml
@@ -2,17 +2,39 @@
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
 <suppress>
 <notes><![CDATA[
- file name: spring-security-crypto-5.7.5.jar
+ file name: spring-security-crypto-5.8.2.jar
 ]]></notes>
 <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
 <vulnerabilityName>CVE-2020-5408</vulnerabilityName>
+ <cve>CVE-2018-1258</cve>
 </suppress>
 <suppress>
 <notes><![CDATA[
- file name: spring-web-5.3.23.jar
+ file name: spring-web-5.3.26.jar
 ]]></notes>
- <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-web@.*$</packageUrl>
+ <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-(web|core)@.*$</packageUrl>
 <cve>CVE-2016-1000027</cve>
+ <cve>CVE-2018-1258</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: smp.war: spring-core-5.3.26.jar
+ ]]></notes>
+ <sha1>81f0f0bbba14ca6e17d52f0b1c7d52da8c4da098</sha1>
+ <cve>CVE-2016-1000027</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: smp.war: spring-security-*.jar
+ ]]></notes>
+ <cve>CVE-2018-1258</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: spring-aop-5.3.25.jar spring-expression-5.3.25.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-(aop|expression)@.*$</packageUrl>
+ <cve>CVE-2023-20861</cve>
 </suppress>
 <suppress>
 <notes><![CDATA[
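Review bot: The fourth new `<suppress>` block in this hunk (notes `smp.war: spring-security-*.jar`) carries only `<cve>CVE-2018-1258</cve>` and no `<packageUrl>`, `<sha1>` or `<filePath>` selector, so it suppresses that CVE for every dependency in the scan, not just the spring-security jars the note describes; the `<notes>` text is documentation only and is not a matcher. Restrict it to the intended artifacts, e.g. `<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-.*@.*$</packageUrl>`, or a `<filePath regex="true">` on the war-embedded path if the packageUrl is not identified inside `smp.war`. The same CVE is also added to the unbounded `spring\-security\-crypto@.*$` and `spring\-(web|core)@.*$` entries, which match every future version; recording the fixed version in the notes or adding `until="<REVIEW-DATE placeholder>"` on those `<suppress>` elements makes the entries get revisited instead of being carried forward silently. The `<suppressions>` root opens in this hunk and closes in the next one.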
@@ -21,4 +43,31 @@
 <packageUrl regex="true">^pkg:maven/org\.apache\.cxf\.xjc\-utils/cxf\-xjc\-runtime@.*$</packageUrl>
 <cve>CVE-2021-4277</cve>
 </suppress>
-</suppressions>
\ No newline at end of file
+ <suppress>
+ <notes><![CDATA[
+ file name: cxf-rt-bindings-soap-3.5.5.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$</packageUrl>
+ <cve>CVE-2022-40705</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: guava-30.1-jre.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+ <vulnerabilityName>CVE-2020-8908</vulnerabilityName>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: snakeyaml-1.30.jar part of spring boot - just for demo and testing
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+ <cve>CVE-2022-1471</cve>
+ <cve>CVE-2022-25857</cve>
+ <cve>CVE-2022-38749</cve>
+ <cve>CVE-2022-38751</cve>
+ <cve>CVE-2022-38752</cve>
+ <cve>CVE-2022-41854</cve>
+ <cve>CVE-2022-38750</cve>
+ </suppress>
+</suppressions>
diff --git a/pom.xml b/pom.xml
index 0624e1cf6b4afbddac076b4cd3d81057da506855..fb0da6e2c7bca74cb321abc9d89ffb1d9074f590 100644
--- a/pom.xml
+++ b/pom.xml
@@ -51,6 +51,7 @@
 <commons-collections.version>3.2.2</commons-collections.version>
 <commons-io.version>2.11.0</commons-io.version>
 <commons-lang3.version>3.12.0</commons-lang3.version>
+ <commons-fileupload.version>1.5</commons-fileupload.version>
 <commons-net.version>3.8.0</commons-net.version>
 <commons-validator.version>1.7</commons-validator.version>
 <cxf-xjc-runtime.version>3.3.2</cxf-xjc-runtime.version>
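Review bot: The new snakeyaml entry suppresses seven CVEs on `^pkg:maven/org\.yaml/snakeyaml@.*$` with the justification "just for demo and testing", and the cxf-rt-bindings-soap and guava entries are likewise unbounded on `@.*$`; because these regexes match every version, the findings stay hidden after the libraries are upgraded and nothing prompts a re-evaluation. For a suppression justified by usage context rather than by a fixed version, time-box it with `<suppress until="<REVIEW-DATE placeholder>">` and state in the notes why the CVE does not apply to this deployment, and for a version-specific finding pin the version in the regex (`snakeyaml@1\.30$`) so the next bump surfaces it again. The guava entry uses `<vulnerabilityName>` where the neighbouring new entries use `<cve>` for the same kind of identifier; using `<cve>` consistently makes the file easier to audit. The pom.xml hunk on the same line only adds a version property.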
@@ -78,7 +79,7 @@
 <junit-platform-surefire-provider.version>1.3.2</junit-platform-surefire-provider.version>
 <junitparams.version>1.1.1</junitparams.version>
 <logback.version>1.2.11</logback.version>
- <mysql.jdbc.version>8.0.31</mysql.jdbc.version>
+ <mysql.jdbc.version>8.0.32</mysql.jdbc.version>
 <metro.version>2.2.1-1</metro.version>
 <!-- mockito.version>2.23.4</mockito.version -->
 <mockito.version>4.10.0</mockito.version>
@@ -87,10 +88,10 @@
 <slf4j.version>1.7.36</slf4j.version>
 <soapui.plugin.version>5.1.2</soapui.plugin.version>
 <spring-modules-jakarta-commons.version>0.8</spring-modules-jakarta-commons.version>
- <spring-boot.version>2.7.7</spring-boot.version>
- <spring-boot.tomcat.version>9.0.70</spring-boot.tomcat.version>
- <spring.security.version>5.7.5</spring.security.version>
- <spring.version>5.3.25</spring.version>
+ <spring-boot.version>2.7.10</spring-boot.version>
+ <spring-boot.tomcat.version>9.0.73</spring-boot.tomcat.version>
+ <spring.security.version>5.8.2</spring.security.version>
+ <spring.version>5.3.26</spring.version>
 <xmlunit.version>2.9.0</xmlunit.version>
 
 <!-- plugins -->
@@ -527,6 +528,12 @@
 <artifactId>commons-lang3</artifactId>
 <version>${commons-lang3.version}</version>
 </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>${commons-fileupload.version}</version>
+ </dependency>
+
 <dependency>
 <groupId>javax</groupId>
 <artifactId>javaee-api</artifactId>
@@ -831,7 +838,7 @@
 <plugin>
 <groupId>org.owasp</groupId>
 <artifactId>dependency-check-maven</artifactId>
- <version>7.4.4</version>
+ <version>8.1.2</version>
 <inherited>false</inherited>
 <configuration>
 <skipProvidedScope>true</skipProvidedScope>
diff --git a/smp-webapp/pom.xml b/smp-webapp/pom.xml
index 5d55e484f50e81e1b9620ef24f20f865ec555870..a24778bc65d3f16949711562509a86c0f83488c0 100644
--- a/smp-webapp/pom.xml
+++ b/smp-webapp/pom.xml
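Review bot: In the `@@ -527,6 +528,12 @@` hunk the new commons-fileupload `<dependency>` entry is followed by an added empty line (a bare `+`), while the surrounding entries in this block run `</dependency>` straight into the next `<dependency>` with no separator; dropping that blank keeps the managed-dependency list uniformly formatted. The enclosing `<dependencies>` element starts and ends outside the hunk. The other hunks on this line are version-property bumps.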
@@ -64,11 +64,9 @@
 <groupId>commons-io</groupId>
 <artifactId>commons-io</artifactId>
 </dependency>
-
 <dependency>
 <groupId>commons-fileupload</groupId>
 <artifactId>commons-fileupload</artifactId>
- <version>1.3.3</version>
 </dependency>
 <dependency>