Skip to content

Comments

[Snyk] Upgrade org.thymeleaf.extras:thymeleaf-extras-springsecurity5 from 3.0.4.RELEASE to 3.1.3.RELEASE#6

Open
rogeliocisternas wants to merge 1 commit intomainfrom
snyk-upgrade-a36323ede59b56be7a5f7e5cca0a9fc8
Open

[Snyk] Upgrade org.thymeleaf.extras:thymeleaf-extras-springsecurity5 from 3.0.4.RELEASE to 3.1.3.RELEASE#6
rogeliocisternas wants to merge 1 commit intomainfrom
snyk-upgrade-a36323ede59b56be7a5f7e5cca0a9fc8

Conversation

@rogeliocisternas
Copy link
Owner

@rogeliocisternas rogeliocisternas commented Feb 15, 2026

snyk-top-banner

Snyk has created this PR to upgrade org.thymeleaf.extras:thymeleaf-extras-springsecurity5 from 3.0.4.RELEASE to 3.1.3.RELEASE.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 8 versions ahead of your current version.

  • The recommended version was released a year ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Cross-site Scripting (XSS)
SNYK-JAVA-ORGTHYMELEAFEXTRAS-572299		 539 No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade org.thymeleaf.extras:thymeleaf-extras-springsecurity5 fr…
61d684d 
…om 3.0.4.RELEASE to 3.1.3.RELEASE

Snyk has created this PR to upgrade org.thymeleaf.extras:thymeleaf-extras-springsecurity5 from 3.0.4.RELEASE to 3.1.3.RELEASE.

See this package in maven:
org.thymeleaf.extras:thymeleaf-extras-springsecurity5

See this project in Snyk:
https://app.snyk.io/org/r4devopsdotcom/project/4288e90f-f21f-499f-9be2-cbb7492d3f78?utm_source=github&utm_medium=referral&page=upgrade-pr
Copilot AI review requested due to automatic review settings February 15, 2026 15:38
Copilot AI reviewed Feb 15, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates a Maven dependency version to address a reported vulnerability in the Thymeleaf Spring Security extras module used by this Spring Boot application.

Changes:

  • Bumps org.thymeleaf.extras:thymeleaf-extras-springsecurity5 from 3.0.4.RELEASE to 3.1.3.RELEASE.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

pom.xml
Comment on lines 64 to 68
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
<version>3.0.4.RELEASE</version>
<version>3.1.3.RELEASE</version>
</dependency>
Copy link

Copilot AI Feb 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Project is on Spring Boot 3.0.6 (Spring Security 6), but this dependency is the springsecurity5 dialect. Upgrading its version may still leave you with an incompatible dialect or introduce classpath conflicts (e.g., pulling Spring Security 5 artifacts alongside Security 6). Consider switching to org.thymeleaf.extras:thymeleaf-extras-springsecurity6 (and ideally rely on Spring Boot dependency management for the version) to match the Spring Security major used by Boot 3.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rogeliocisternas @snyk-bot