From 94eb146b2f493e49a35c43cc42f154f26843df34 Mon Sep 17 00:00:00 2001
From: SathishK-T <166369440+SathishK-T@users.noreply.github.com>
Date: Thu, 3 Oct 2024 11:27:17 +0530
Subject: [PATCH] [PRODSEC-9478] Fix for Vulnerabilities in Spring Expression
 Language (SpEL)  (#2125)

Co-authored-by: Sathish Kumar <ST28@ford.com>
---
 pom.xml                                                     | 6 ++++++
 .../packaging/src/main/resources/licenses/notice.txt        | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d3d036cfe..109ccf621 100644
--- a/pom.xml
+++ b/pom.xml
@@ -90,6 +90,7 @@
       <dependency.commons-io.version>2.15.1</dependency.commons-io.version>
       <dependency.commons-codec.version>1.16.1</dependency.commons-codec.version>
       <dependency.spring.version>5.3.33</dependency.spring.version>
+      <dependency.spring-expression.version>6.1.12</dependency.spring-expression.version>
       <dependency.zookeeper.version>3.4.14</dependency.zookeeper.version>
       <dependency.mime4j.version>0.8.11</dependency.mime4j.version>
    </properties>
@@ -102,6 +103,11 @@
             <type>pom</type>
             <scope>import</scope>
          </dependency>
+          <dependency>
+              <groupId>org.springframework</groupId>
+              <artifactId>spring-expression</artifactId>
+              <version>${dependency.spring-expression.version}</version>
+          </dependency>
          <dependency>
             <groupId>org.apache.zookeeper</groupId>
             <artifactId>zookeeper</artifactId>
diff --git a/search-services/packaging/src/main/resources/licenses/notice.txt b/search-services/packaging/src/main/resources/licenses/notice.txt
index b137f73da..7621d84fe 100644
--- a/search-services/packaging/src/main/resources/licenses/notice.txt
+++ b/search-services/packaging/src/main/resources/licenses/notice.txt
@@ -67,7 +67,7 @@ spring-aop-5.3.33.jar http://projects.spring.io/spring-framework/
 spring-beans-5.3.33.jar http://projects.spring.io/spring-framework/
 spring-context-5.3.33.jar http://projects.spring.io/spring-framework/
 spring-core-5.3.33.jar http://projects.spring.io/spring-framework/
-spring-expression-5.3.33.jar http://projects.spring.io/spring-framework/
+spring-expression-6.1.12.jar http://projects.spring.io/spring-framework/
 spring-jdbc-5.3.33.jar http://projects.spring.io/spring-framework/
 spring-orm-5.3.33.jar http://projects.spring.io/spring-framework/
 spring-tx-5.3.33.jar http://projects.spring.io/spring-framework/