Update Spring to 5.3.20+ to mitigate CVE-2022-22970

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 9.0.0, 8.2.6, 8.1.10, 8.0.11
    • Affects Version/s: 8.0.10, 8.1.9, 8.2.5, 7.2.10
    • Component/s: Security
    • None
    • 1
    • Severity 3 - Minor

      Spring dependency should be upgraded to 5.3.20+ to fix CVE-2022-22970

      Steps to Reproduce

      1. See dependencies at WEB-INF/lib

      Expected Results

      spring-framework and dependencies on version 5.3.20+ are expected

      Actual Results

      spring-framework and dependencies are on version 5.3.19 or lower

      Workaround

      Currently, there is no known workaround for this behaviour. A workaround will be added here when available

              Assignee:
              Alexey Chystoprudov
              Reporter:
              Eduardo Alvarenga (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: