From 2fe23940a69985425227f5a910a7fa63ed0e30c9 Mon Sep 17 00:00:00 2001
From: Naomi Most <naomi@nthmost.com>
Date: Fri, 27 Feb 2026 03:56:02 -0800
Subject: [PATCH] Bump spring-boot-starter from 3.3.0 to 3.3.11

Fixes CVE-2025-22235: Spring Boot EndpointRequest.to() creates wrong
matcher if actuator endpoint is not exposed.

Closes #84
---
 conductor-client-spring/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conductor-client-spring/build.gradle b/conductor-client-spring/build.gradle
index c645786aa..e6c36fda5 100644
--- a/conductor-client-spring/build.gradle
+++ b/conductor-client-spring/build.gradle
@@ -19,7 +19,7 @@ repositories {
 
 dependencies {
     api project(":conductor-client")
-    implementation 'org.springframework.boot:spring-boot-starter:3.3.0'
+    implementation 'org.springframework.boot:spring-boot-starter:3.3.11'
 }
 
 java {