Third-Party Update: Spring Boot and Related Dependencies

Spring Boot has been updated to version 2.6.8. Related dependencies have been updated to at least the versions used by Spring Boot. This includes updates to fix reported security issues in Spring Security and Tomcat (CVE-2022-22976, CVE-2022-22978, CVE-2022-29885). The new version of Spring Security contains a bug fix for certain configurations of password hashing (CVE-2022-22976), which may require additional upgrade steps if you have changed the configuration for password hashing in the Content Server or Elastic Social.

Follow Section, “Third-Party Update: Spring Boot and Related Dependencies” for upgrade information.

(CMS-21777)