Comments (3)
spikymonkey
commented on June 8, 2024
Hi @csterwa I'm a bit unsure on this one... Running ./gradlew dependencies on the 2.1.4.RELEASE branch shows
org.springframework:spring-core:5.1.5.RELEASE
As I understand it from the CVE report, the vulnerable versions are
Spring Framework 5.0 to 5.0.4
Spring Framework 4.3 to 4.3.15
so 5.1.5 should be fine.
I feel like I'm missing something obvious here but I'm not seeing it... was there any more info about the problematic dependency from the customer report?
from spring-cloud-services-connector.
csterwa
commented on June 8, 2024
This seems to not be an issue with SCS Connector dependencies. Waiting for response from person who found this to ensure there is nothing that we are missing before closing.
from spring-cloud-services-connector.
csterwa
commented on June 8, 2024
We got confirmation today that this was a build dependency issue and not SCS Connector CVE.
from spring-cloud-services-connector.
Related Issues (20)
- ServiceInfoPropertySourceAdapter disables RabbitAutoConfiguration HOT 1
- Support retrieving binary resources from Config Server HOT 9
- eurekaInstanceConfigBean conflict HOT 5
- Client application startup failure using Greenwich.SR1 with SCS 2.x service instances HOT 6
- PropertyMaskingContextInitializer prevents configuration of "keys-to-sanitize" HOT 5
- Add `User-Agent` header to HTTP requests originating from connectors connections
- Giveaway ConfigResourceClient with basic Impl and Autoconfiguration to spring-cloud-config project HOT 1
- published maven pom does not have versions for dependencies HOT 6
- Create 2.3.0 version based on Spring Boot 2.3
- Release SCS Starters/Connector 2.3.0.RELEASE
- Add SCS Starters 2.3.0.RELEASE to Spring Initializr HOT 1
- Upgrade to spring-boot 2.4.1
- spring.application.name changes on /actuator/refresh
- Publish SCS Connectors version 2.1.0.M1 HOT 2
- Upgrade to Spring Cloud Greenwich.RELEASE HOT 6
- Publish SCS Connectors 2.1.0.RELEASE HOT 1
- Add 2.1.0.RELEASE to start.spring.io HOT 2
- PlainTextOAuth2ConfigClient fails to fetch files from Vault backed Config Server HOT 8
- MongoTemplate Bean Creation Issue. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-cloud-services-connector.