Update Spring to 5.3.20+ to mitigate CVE-2022-22970

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 9.0.0, 8.2.6, 8.1.10, 8.0.11
    • Affects Version/s: 8.0.10, 8.1.9, 8.2.5, 7.2.10
    • Component/s: Security
    • None
    • 1
    • Severity 3 - Minor

      Spring dependency should be upgraded to 5.3.20+ to fix CVE-2022-22970

      Steps to Reproduce

      1. See dependencies at WEB-INF/lib

      Expected Results

      spring-framework and dependencies on version 5.3.20+ are expected

      Actual Results

      spring-framework and dependencies are on version 5.3.19 or lower

      Workaround

      Currently, there is no known workaround for this behaviour. A workaround will be added here when available

            Assignee:
            Alexey Chystoprudov
            Reporter:
            Eduardo Alvarenga (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: