Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

org.springframework:spring-web:5.2.5.RELEASE:jar has vulerabilities, can u plz upgrade spring version #380

Closed
jabhijeet opened this issue Sep 21, 2020 · 2 comments
Closed

org.springframework:spring-web:5.2.5.RELEASE:jar has vulerabilities, can u plz upgrade spring version #380

jabhijeet opened this issue Sep 21, 2020 · 2 comments
Labels
CVE Critical security vulnerability in dependencies
Milestone
1.5.2

Comments

@jabhijeet
Copy link
Contributor

jabhijeet commented Sep 21, 2020
edited
Loading

To help us debug your issue fill in the basic information below using the options provided
org.springframework:spring-web:5.2.5.RELEASE:jar has vulerabilities, can u plz upgrade spring version
https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832

Serverless Java Container version: eg. 1.5
1.5.1

Implementations: Jersey / Spring / Spring Boot / Spring Boot 2 / Spark
SpringBoot

Framework version: eg SpringBoot 2.2.6.RELEASE
SpringBoot 2.2.6.RELEASE

Frontend service: REST API / HTTP API / ALB
REST
Deployment method: eg SAM, Serverless Framework, Console

Scenario

Describe what you are trying to accomplish
org.springframework:spring-web:5.2.5.RELEASE:jar has vulerabilities, can u plz upgrade spring version

Expected behavior

Describe how you would expect the application to behave
fixed in pull request #381

Actual behavior

Describe what you are seeing instead

Steps to reproduce

Provide code samples we can use to reproduce the issue as part of our integration tests. If there is a public repository for the misbehaving application link to it here

Full log output

Paste the full log output from the Lambda function's CloudWatch logs

logs
@jabhijeet jabhijeet changed the title org.springframework:spring-web:5.2.5.RELEASE:jar has vulerabilities, can u plz upgrade springboot 2 version org.springframework:spring-web:5.2.5.RELEASE:jar has vulerabilities, can u plz upgrade spring version Sep 21, 2020
@jabhijeet
Copy link
Contributor Author

jabhijeet commented Sep 21, 2020
edited
Loading

fixed in PR #381. Please review and merge

@sapessi sapessi added this to the 1.5.2 milestone Oct 6, 2020
@sapessi sapessi added the CVE Critical security vulnerability in dependencies label Oct 6, 2020
@sapessi
Copy link
Collaborator

sapessi commented Oct 6, 2020

1.5.2 has now hit maven central. Closing this issue.

@sapessi sapessi closed this as completed Oct 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CVE Critical security vulnerability in dependencies
Projects
None yet
Milestone
1.5.2
Development

No branches or pull requests
2 participants
@jabhijeet @sapessi