From f49f250cca6cd01df68fce490b08d3afa775b7e0 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 27 Jan 2026 05:19:57 +0000
Subject: [PATCH] fix: pom.xml & spring-hibernate4/pom.xml to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATE-15038759
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-15062482
---
 pom.xml                   | 2 +-
 spring-hibernate4/pom.xml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index dfa7e09acc56..c377af1b0ccd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
         <mockito.version>2.8.9</mockito.version>
         <!-- logging -->
         <org.slf4j.version>1.7.21</org.slf4j.version>
-        <logback.version>1.1.7</logback.version>
+        <logback.version>1.5.25</logback.version>
         <!-- plugins -->
         <maven-surefire-plugin.version>2.19.1</maven-surefire-plugin.version>
         <maven-compiler-plugin.version>3.6.0</maven-compiler-plugin.version>
diff --git a/spring-hibernate4/pom.xml b/spring-hibernate4/pom.xml
index 0a89819b8157..7e7dea95e93f 100644
--- a/spring-hibernate4/pom.xml
+++ b/spring-hibernate4/pom.xml
@@ -154,8 +154,8 @@
         <org.springframework.data.version>1.10.5.RELEASE</org.springframework.data.version>
 
         <!-- persistence -->
-        <hibernate.version>4.3.11.Final</hibernate.version>
-        <hibernate-envers.version>${hibernate.version}</hibernate-envers.version>
+        <hibernate.version>5.3.38.Final</hibernate.version>
+        <hibernate-envers.version>5.3.38.Final</hibernate-envers.version>
         <mysql-connector-java.version>5.1.40</mysql-connector-java.version>
         <tomcat-dbcp.version>8.5.8</tomcat-dbcp.version>
         <jta.version>1.1</jta.version>