From f0242f05f61ea85a33a91d39225535768f2166fb Mon Sep 17 00:00:00 2001
From: Oleksandra Matviienko <al.zzzeebra@gmail.com>
Date: Mon, 6 Apr 2026 14:19:32 +0200
Subject: [PATCH] Bump spring-boot to 3.5.13 to fix jackson-core vulnerability

---
 pom.xml | 22 +---------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/pom.xml b/pom.xml
index 001a1bcc0d..2d9a57843b 100755
--- a/pom.xml
+++ b/pom.xml
@@ -62,9 +62,7 @@
         <pkg.implementationTitle>${project.name}</pkg.implementationTitle>
         <pkg.unixLogFolder>/var/log/${pkg.name}</pkg.unixLogFolder>
         <pkg.installFolder>/usr/share/${pkg.name}</pkg.installFolder>
-        <spring-boot.version>3.5.12</spring-boot.version>
-        <jackson-bom.version>2.21.1</jackson-bom.version> <!-- to fix GHSA-72hv-8253-57qq. TODO: remove when fixed in spring-boot-dependencies -->
-        <netty.version>4.1.132.Final</netty.version> <!-- to fix CVE-2026-33870 and CVE-2026-33871. TODO: remove when fixed in spring-boot-dependencies -->
+        <spring-boot.version>3.5.13</spring-boot.version>
         <javax.xml.bind-api.version>2.4.0-b180830.0359</javax.xml.bind-api.version>
         <jjwt.version>0.12.5</jjwt.version>
         <rat.version>0.10</rat.version> <!-- unused -->
@@ -993,24 +991,6 @@
 
     <dependencyManagement>
         <dependencies>
-            <!-- Temporary jackson-bom version override -->
-            <dependency>
-                <groupId>com.fasterxml.jackson</groupId>
-                <artifactId>jackson-bom</artifactId>
-                <version>${jackson-bom.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-            <!-- End of jackson-bom version override -->
-            <!-- Temporary netty-bom version override -->
-            <dependency>
-                <groupId>io.netty</groupId>
-                <artifactId>netty-bom</artifactId>
-                <version>${netty.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-            <!-- End of netty-bom version override -->
             <dependency>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-dependencies</artifactId>