Skip to content

OKAPI-1251: Sunflower: micrometer 1.12.13 -> 1.15.12 fix CVE-2026-40984#1456

Open
julianladisch wants to merge 1 commit into
b6.2from
OKAPI-1251
Open

OKAPI-1251: Sunflower: micrometer 1.12.13 -> 1.15.12 fix CVE-2026-40984#1456
julianladisch wants to merge 1 commit into
b6.2from
OKAPI-1251

Conversation

@julianladisch

Copy link
Copy Markdown
Contributor

https://folio-org.atlassian.net/browse/OKAPI-1251

Bump micrometer from 1.12.13 to 1.15.12.

This fixes https://spring.io/security/cve-2026-40984 Micrometer HTTP server instrumentations DoS vulnerability

See https://github.com/micrometer-metrics/micrometer/wiki/1.13-Migration-Guide#prometheus-java-client-0x-to-1x-upgrade why we need to change from micrometer-registry-prometheus to micrometer-registry-prometheus-simpleclient.

https://folio-org.atlassian.net/browse/OKAPI-1251

Bump micrometer from 1.12.13 to 1.15.12.

This fixes https://spring.io/security/cve-2026-40984 Micrometer HTTP server instrumentations DoS vulnerability

See https://github.com/micrometer-metrics/micrometer/wiki/1.13-Migration-Guide#prometheus-java-client-0x-to-1x-upgrade why we need to change from micrometer-registry-prometheus to <artifactId>micrometer-registry-prometheus-simpleclient.
@sonarqubecloud

Copy link
Copy Markdown

@julianladisch julianladisch requested review from a team and adamdickmeiss June 26, 2026 13:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants