[Snyk] Fix for 1 vulnerabilities

[kenjitm]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• marlo-parent/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	SQL Injection SNYK-JAVA-ORGHIBERNATE-15038759	710	org.hibernate:hibernate-core: 4.3.5.Final -> 5.3.38.Final org.hibernate:hibernate-ehcache: 4.3.5.Final -> 5.3.38.Final Major version upgrade No Path Found Proof of Concept

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 SQL Injection

---

Note

Upgrades Hibernate to remediate a reported vulnerability.

• Bumps hibernate-core-version property in marlo-parent/pom.xml from 4.3.5.Final to 5.3.38.Final
• Propagates to org.hibernate:hibernate-core and org.hibernate:hibernate-ehcache versions (major upgrade from 4.x to 5.3.x)

^{Written by Cursor Bugbot for commit 954f9e7. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

This PR is being reviewed by Cursor Bugbot

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Hibernate 5 upgrade breaks Spring ORM integration

High Severity

Upgrading hibernate-core-version from 4.3.5.Final to 5.3.38.Final is a major version upgrade that breaks existing code. The codebase uses Spring's Hibernate 4-specific classes (org.springframework.orm.hibernate4.HibernateTransactionManager and LocalSessionFactoryBuilder) and Hibernate 4's org.hibernate.metamodel.source.MetadataImplementor, none of which exist in Hibernate 5. This upgrade requires corresponding code changes to use org.springframework.orm.hibernate5.* classes and org.hibernate.boot.spi.MetadataImplementor.