From e30b992adc0b1a8f6dd864dc881ca778c905e377 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 3 Feb 2026 05:33:57 +0000
Subject: [PATCH] fix: todolist-goof/todolist-web-struts/pom.xml &
 todolist-goof/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30207
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-1049003
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30772
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-31409
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31503
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608097
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30770
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31495
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-32477
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611
- https://dev.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30401
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30771
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30778
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-451610
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-2635340
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-608098
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGFREEMARKER-1076795
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30774
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-609765
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-30163
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-30165
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339
- https://dev.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109
- https://dev.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30060
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30775
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30776
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31500
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31501
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-31502
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418
- https://dev.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-31540
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31331
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-30773
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-30164
- https://dev.snyk.io/vuln/SNYK-JAVA-OGNL-30474
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTS-460223
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-31325
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878
- https://dev.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-567761
---
 todolist-goof/pom.xml                     | 4 ++--
 todolist-goof/todolist-web-struts/pom.xml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/todolist-goof/pom.xml b/todolist-goof/pom.xml
index 4df79d1b1b..1199023cc5 100644
--- a/todolist-goof/pom.xml
+++ b/todolist-goof/pom.xml
@@ -10,10 +10,10 @@
     <url>https://github.com/snyk/java-goof</url>
 
     <properties>
-        <spring.version>3.2.6.RELEASE</spring.version>
+        <spring.version>5.2.22.RELEASE</spring.version>
         <hibernate.version>4.3.7.Final</hibernate.version>
         <tapestry.version>5.3.8</tapestry.version>
-        <struts2.version>2.3.20</struts2.version>
+        <struts2.version>2.5.30</struts2.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 
diff --git a/todolist-goof/todolist-web-struts/pom.xml b/todolist-goof/todolist-web-struts/pom.xml
index e58874f827..affc8676b5 100644
--- a/todolist-goof/todolist-web-struts/pom.xml
+++ b/todolist-goof/todolist-web-struts/pom.xml
@@ -27,7 +27,7 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
-            <version>2.7</version>
+            <version>2.13.2</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
@@ -90,7 +90,7 @@
         <dependency>
             <groupId>org.zeroturnaround</groupId>
             <artifactId>zt-zip</artifactId>
-            <version>1.12</version>
+            <version>1.13</version>
             <type>jar</type>
         </dependency>
     </dependencies>