Issue #190 - Spring Data Commons vulnerability

Fixed security issue with spring-data-commons by update to version `Ingalls-SR14` - see CVE-2018-1273

Author: derjust

pom.xml

@@ -20,7 +20,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.github.derjust</groupId>
     <artifactId>spring-data-dynamodb</artifactId>
-    <version>4.5.7-SNAPSHOT</version>
+    <version>4.5.7</version>
     <name>Spring Data DynamoDB</name>
     <inceptionYear>2018</inceptionYear>
 
@@ -38,7 +38,7 @@
 
     <properties>
         <spring.version>4.3.6.RELEASE</spring.version>
-        <spring-data.version>Ingalls-RELEASE</spring-data.version>
+        <spring-data.version>Ingalls-SR14</spring-data.version>
 
         <hibernate-validator.version>5.2.4.Final</hibernate-validator.version>
         <aws-java-sdk.version>1.11.289</aws-java-sdk.version>
@@ -529,7 +529,7 @@
         <url>https://github.com/spring-data-dynamodb/spring-data-dynamodb</url>
         <connection>scm:git:ssh://github.com/spring-data-dynamodb/spring-data-dynamodb.git</connection>
         <developerConnection>scm:git:ssh://git@github.com/spring-data-dynamodb/spring-data-dynamodb.git</developerConnection>
-        <tag>v5.0.2</tag>
+        <tag>v4.5.7</tag>
   </scm>
 
     <repositories>

src/changes/changes.xml

@@ -23,10 +23,56 @@
     <author email="zeeman@zeeman.de">derjust</author>
   </properties>
   <body>
-    <release version="5.0.3" date="" description="Maintenance release">
+    <release version="5.0.3" date="2018-08-10" description="Maintenance &amp; security release">
       <action dev="derjust" type="fix" date="2018-03-05">
         Fix Javadoc and cast warnings
       </action>
+      <action dev="derjust" issue="142" type="add" date="2018-03-21">
+        Added support for @Query-based projections
+      </action>
+      <action dev="derjust" issue="148" type="add" date="2018-03-22">
+        Publish master builds to OSSRH as SNAPSHOT
+      </action>
+      <action dev="derjust" issue="146" type="fix" date="2018-03-24">
+        Fix incomplete AWS DynamoDBMapper initialization
+      </action>
+      <action dev="derjust" issue="57" type="fix" date="2018-03-25">
+        Fix compatibility with AWS SDK 1.11.36 (NullPointerException)
+      </action>
+      <action dev="derjust" issue="81" type="fix" date="2018-03-25">
+        Fixed NullPointerException for DynamoDBIndexHashKey (GSI)
+      </action>
+      <action dev="derjust" issue="47" type="fix" date="2018-03-25">
+        Confirmed that findByKeyAndOtherKey returns null/Optional.empty()
+      </action>
+      <action dev="derjust" type="add" date="2018-03-26">
+        Use just Spring-Data Commons dependency inspired by
+        https://github.com/sheradmin/spring-data-dynamodb/commit/57efbce2978481cbaf374f01d88424766a314662
+      </action>
+      <action dev="blx" type="add" date="2018-03-26">
+        Add support for DynamoDBTypeConverted annotations on hash key
+      </action>
+      <action dev="derjust" type="fix" date="">
+        Fixed NullPointerException for findAllByOrderByProperty queries
+      </action>
+      <action dev="CoderPaulK" issue="158" type="fix" date="2018-04-15">
+        Fixed method signature
+      </action>
+      <action dev="boothen" issue="15" type="fix" date="2018-06-12">
+        Spring Data Rest uses a PersistentEntityResourceAssembler that requires the DynamoDBMappingContext to be exposed as a Spring Bean.
+      </action>
+      <action dev="SimY4" issue="177" type="fix" date="2018-07-04">
+        Fixed NPE when deleting nonexistent entity
+      </action>
+      <action dev="SimY4" issue="183" type="fix" date="2018-07-16">
+        Match hibernate validator dependency version with Spring Boot 2 dependency. 
+      </action>
+      <action dev="derjust" issue="181" type="fix" date="2018-07-16">
+        `Pageable.unpaged()` find queries fail
+      </action>
+      <action dev="derjust" issue="190" type="fix" date="2018-08-10">
+        Update to spring-data 2.0.9 due to fix CVE-2018-1273
+      </action>
     </release>
     <release version="5.0.2" date="2018-03-05" description="Maintenance release">
       <action dev="vitolimandibhrata" issue="40" type="add" date="2017-01-07">
@@ -79,15 +125,18 @@
       <action dev="Alex Arana" type="add" issue="62">
         Support @DynamoDBTypeConverted instead of/in addition to @DynamoDBMarshalling for query methods
       </action>
+      <action dev="derjust" type="add" issue="136">
+        Transfer to spring-data-dynamodb organization
+      </action>
     </release>
     <release version="5.0.0" date="2017-11-27" description="Spring 5 release" >
       <action dev="derjust" type="add">
         Added Spring 5 / Spring-Data Kay support
       </action>
     </release>
-    <release version="4.5.6" date="2018-07-02" description="Bugfix release">
-      <action dev="derjust" type="fix" issue="171">
-        spring-data project artifact does not provide version information thus can't calculate compatibility
+    <release version="4.5.7" date="2018-08-10" description="security release">
+      <action dev="derjust" issue="190" type="fix" date="2018-08-10">
+        Update to spring-data Ingalls-SR14 due to fix CVE-2018-1273
       </action>
     </release>
     <release version="4.5.5" date="2018-03-07" description="Backport of v5.0 (master)">
@@ -119,4 +168,4 @@
       </action>
     </release>
   </body>
-</document>
+</document>