[Snyk] Fix for 2 vulnerabilities

[bogarin]

Snyk has created this PR to fix 2 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml
• patterns/design-patterns-architectural/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	SQL Injection SNYK-JAVA-ORGHIBERNATE-15038759	828	org.hibernate:hibernate-core: 5.2.16.Final -> 5.3.38.Final Proof of Concept
	External Initialization of Trusted Variables or Data Stores SNYK-JAVA-CHQOSLOGBACK-15062482	376	ch.qos.logback:logback-classic: 1.2.6 -> 1.5.25 ch.qos.logback:logback-core: 1.2.6 -> 1.5.25 No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 SQL Injection

[Copilot]

Pull request overview

This PR upgrades specific Maven dependencies to address Snyk-reported vulnerabilities in Hibernate and Logback, plus a small XML formatting cleanup.

Changes:

• Bump logback.version in the root pom.xml from 1.2.6 to 1.5.25 and normalize <ignore> elements to self-closing tags.
• Bump hibernate-core.version in patterns/design-patterns-architectural/pom.xml from 5.2.16.Final to 5.3.38.Final to remediate the reported Hibernate vulnerability.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
pom.xml	Updates global Logback version for the multi-module project to remediate a Logback vulnerability and adjusts some XML <ignore> tags to self-closing form.
patterns/design-patterns-architectural/pom.xml	Updates the Hibernate Core version used by the architectural design-patterns module to a non-vulnerable release.

Comments suppressed due to low confidence (1)

pom.xml:1454

• Updating logback.version to 1.5.25 while keeping org.slf4j.version at 1.7.32 and java.version at 1.8 introduces a version incompatibility: logback 1.5.x requires SLF4J 2.x and at least Java 11. This mismatch is likely to cause runtime issues (e.g., NoSuchMethodError due to SLF4J API changes) or require running the build on a newer JDK than the project is configured for. Consider either upgrading org.slf4j.version (and the Java baseline) to versions compatible with logback 1.5.x, or choosing the latest secure logback release that is still compatible with SLF4J 1.7 and Java 8 if you need to keep the current baseline.

        <!-- logging -->
        <org.slf4j.version>1.7.32</org.slf4j.version>
        <logback.version>1.5.25</logback.version>

        <!-- plugins -->
        <maven-surefire-plugin.version>2.22.2</maven-surefire-plugin.version>
        <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
        <exec-maven-plugin.version>3.0.0</exec-maven-plugin.version>
        <java.version>1.8</java.version>

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.