SWI-3723 [Snyk] Security upgrade org.springframework:spring-web from 5.3.33 to 6.2.17

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/client/echo_api/java/resttemplate/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') SNYK-JAVA-ORGSPRINGFRAMEWORK-15701755	39	org.springframework:spring-web: 5.3.33 -> 6.2.17 Major version upgrade No Path Found No Known Exploit

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[bwappsec]

This is a major version upgrade from Spring Framework 5.x to 6.x, which introduces significant breaking changes requiring both code and environment modifications.

Key Breaking Changes:

• Java 17 Baseline: Spring Framework 6 requires Java 17 or later. Applications must be running on a compatible JDK.
• Jakarta EE 9+ Migration: All Java EE APIs have been migrated from the javax.* namespace to the jakarta.* namespace. This is a major code-level breaking change. For spring-web, this means all javax.servlet.* imports must be updated to jakarta.servlet.*.
• Servlet Container Requirement: A Jakarta EE 9 compatible web server is required, such as Tomcat 10+, Jetty 11+, or Undertow 2.2.19+.
• Controller Detection: Classes are no longer recognized as controllers based solely on a type-level @RequestMapping annotation. The @Controller or @RestController annotation is now mandatory.
• Removed Integrations: Support for several outdated components has been removed, including Apache Commons FileUpload (CommonsMultipartResolver). The recommended alternative is StandardServletMultipartResolver.
• HttpMethod Class: The HttpMethod type has been changed from an enum to a class, which may require refactoring code that uses it in switch statements or EnumSet.

Source: Upgrading to Spring Framework 6.x GitHub Wiki

Recommendation: This upgrade is a significant undertaking that requires careful planning. Developers must migrate the codebase to the new jakarta.* namespace, ensure the application is running on Java 17, and deploy to a compatible web server. Thorough testing is essential to ensure all components function correctly after the migration.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.