Upgrade to latest Hibernate due to OWASP CVE-2020-10693 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10693
Comment From: pivotal-cla
@andrei-bamboi Please sign the Contributor License Agreement!
Comment From: pivotal-cla
@andrei-bamboi Thank you for signing the Contributor License Agreement!
Comment From: snicoll
@andrei-bamboi the PR template states that:
Dependency Upgrades
Please do not open a pull request for a straightforward dependency upgrade (one that
only updates the version property). We have a semi-automated process for such upgrades
that we prefer to use. However, if the upgrade is more involved (such as requiring
changes for removed or deprecated API) your pull request is most welcome.
We can't upgrade to Hibernate Validator 7.x anyway as it uses Bean Validation 3.0, which will be handled as of Spring Boot 3.x
The CVE you've referenced is already fixed in the current version anyway...
Comment From: andrei-bamboi
Thanks. I did read all the PR template docs. I just wanted to make sure that the version will be upgraded due to the version vulnerability. Thanks again for the heads up.
Comment From: snicoll
I just wanted to make sure that the version will be upgraded due to version vulnerability.
As I've indicated, the version that we manage at this time already contains the fix.
Comment From: andrei-bamboi
I just wanted to make sure that the version will be upgraded due to version vulnerability.
As I've indicated, the version that we manage at this time already contains the fix.
You are correct. I have double-checked and it is fixed. It appears to be a false positive on our system. Thanks mate.
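The thread ends with a scanner false positive: the tool flagged the CVE, but the version Spring Boot actually manages already carried the fix. What settles such a report is the resolved version of the artifact on the classpath, not what the scanner matched on. The script below is an added example, not code from this thread or from the Spring Boot project: it parses the output of Maven's `dependency:list` goal (the `groupId:artifactId:type:version:scope` line format is an assumption about that output), extracts the resolved version of a given artifact and compares it against a minimum fixed version. Every dependency line and version number in the sample is constructed, and `FIXED_VERSION` is a placeholder to be replaced with the fixed version from the advisory for the CVE you are checking.

```python
import re
from typing import Dict, List, Tuple

# One dependency line as printed by `mvn dependency:list` (assumed format:
# "[INFO]    groupId:artifactId:type:version:scope").
DEP_RE = re.compile(
    r"^\[INFO\]\s+(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>[\w\-]+):"
    r"(?P<version>[\w.\-]+):(?P<scope>\w+)"
)

# Placeholder: substitute the fixed version stated in the advisory.
FIXED_VERSION = "6.1.0.Final"

# Constructed sample output: the resolved artifact is at or above the placeholder.
SAMPLE_OK = [
    "[INFO] The following files have been resolved:",
    "[INFO]    com.example:example-app-core:jar:1.0.0:compile",
    "[INFO]    org.hibernate.validator:hibernate-validator:jar:6.1.7.Final:compile",
    "[INFO]    jakarta.validation:jakarta.validation-api:jar:2.0.2:compile",
]

# Constructed sample output: the resolved artifact is below the placeholder.
SAMPLE_OLD = [
    "[INFO] The following files have been resolved:",
    "[INFO]    org.hibernate.validator:hibernate-validator:jar:6.0.1.Final:compile",
]


def parse_version(version: str) -> Tuple[Tuple[int, int, int], int]:
    """Split a Maven-style version into (major, minor, patch) plus a qualifier rank.

    A release qualifier (none, Final, GA, RELEASE) ranks above pre-release
    qualifiers such as Alpha, Beta or CR, so 6.1.0.Final > 6.1.0.CR1.
    """
    nums: List[int] = []
    qualifier = ""
    for part in version.split("."):
        if part.isdigit():
            nums.append(int(part))
        else:
            qualifier = part
            break
    nums = (nums + [0, 0, 0])[:3]  # pad so 6.1 compares equal to 6.1.0
    rank = 1 if qualifier in ("", "Final", "GA", "RELEASE") else 0
    return (nums[0], nums[1], nums[2]), rank


def is_at_least(version: str, minimum: str) -> bool:
    """True when `version` is the same as or newer than `minimum`."""
    return parse_version(version) >= parse_version(minimum)


def resolved_versions(lines: List[str], group: str, artifact: str) -> List[str]:
    """Collect every resolved version of group:artifact found in the build output."""
    found = []
    for line in lines:
        m = DEP_RE.match(line)
        if m and m["group"] == group and m["artifact"] == artifact:
            found.append(m["version"])
    return found


def check_artifact(lines: List[str], group: str, artifact: str,
                   fixed_version: str) -> Dict[str, object]:
    """Report which resolved versions of the artifact are below the fixed version.

    An empty `vulnerable` list with `present` True means the scanner finding
    does not apply to the version actually on the classpath.
    """
    versions = resolved_versions(lines, group, artifact)
    return {
        "present": bool(versions),
        "versions": versions,
        "vulnerable": [v for v in versions if not is_at_least(v, fixed_version)],
    }


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("old", SAMPLE_OLD)):
        report = check_artifact(sample, "org.hibernate.validator",
                                "hibernate-validator", FIXED_VERSION)
        print(label, report)
```

In a real project, pipe `mvn dependency:list` (or the equivalent Gradle dependency report, which needs its own regex) into this instead of the constructed sample, and take the threshold from the advisory; a scanner that matches on a manifest or a parent POM version rather than the resolved artifact is exactly the kind of tool this comparison catches out.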