Library updates to squash reported CVEs.

Author: costas80

etc/owasp-suppressions.xml

@@ -2,48 +2,6 @@
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
     <suppress>
         <notes><![CDATA[
-   file name: log4j-api-2.14.1.jar
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j\-api@.*$</packageUrl>
-        <cve>CVE-2021-44228</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: log4j-api-2.14.1.jar
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j\-api@.*$</packageUrl>
-        <cve>CVE-2021-45046</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: log4j-to-slf4j-2.14.1.jar
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j\-to\-slf4j@.*$</packageUrl>
-        <cve>CVE-2021-44228</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: log4j-to-slf4j-2.14.1.jar
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j\-to\-slf4j@.*$</packageUrl>
-        <cve>CVE-2021-45046</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: log4j-api-2.14.1.jar
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j\-api@.*$</packageUrl>
-        <cve>CVE-2021-45105</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: log4j-to-slf4j-2.14.1.jar
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j\-to\-slf4j@.*$</packageUrl>
-        <cve>CVE-2021-45105</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
    file name: itext-2.1.7.js8.jar
    ]]></notes>
         <packageUrl regex="true">^pkg:maven/com\.lowagie/itext@.*$</packageUrl>

pom.xml

@@ -13,7 +13,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.6.1</version>
+        <version>2.6.2</version>
     </parent>
 
     <modules>
@@ -45,15 +45,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <validatorTimestamp>${maven.build.timestamp}</validatorTimestamp>
         <maven.build.timestamp.format>yyyy-MM-dd HH:mm:ss (XXX)</maven.build.timestamp.format>
-        <!-- Note START
-             For Spring Boot versions above 2.6.1 check to see
-             if the org.thymeleaf.thymeleaf-spring5 dependency is at least at 3.0.13.RELEASE.
-             If yes remove the explicit thymeleaf version and dependency management section
-             (this was added to address CVE-2021-43466).
-        -->
-        <version.springBoot>2.6.1</version.springBoot>
-        <version.thymeleaf>3.0.13.RELEASE</version.thymeleaf>
-        <!-- Note END -->
+        <version.springBoot>2.6.2</version.springBoot>
         <version.gitbTypes>1.15.0</version.gitbTypes>
         <version.itbCommons>1.1.0-SNAPSHOT</version.itbCommons>
         <version.slf4j>1.7.32</version.slf4j>
@@ -105,16 +97,6 @@
 
     <dependencyManagement>
         <dependencies>
-            <dependency>
-                <groupId>org.thymeleaf</groupId>
-                <artifactId>thymeleaf-spring5</artifactId>
-                <version>${version.thymeleaf}</version>
-            </dependency>
-            <dependency>
-                <groupId>org.thymeleaf</groupId>
-                <artifactId>thymeleaf</artifactId>
-                <version>${version.thymeleaf}</version>
-            </dependency>
             <dependency>
                 <groupId>eu.europa.ec.itb.json</groupId>
                 <artifactId>jsonvalidator-common</artifactId>