Fix the annoying vulnerability Github report about spring-core
bbottema opened this issue · 1 comments
bbottema commented
So, Simple Java Mail doesn't actually do anything with Spring, except for playing nice with a range of versions by being able to translate Spring-read properties to Simple Java Mail configuration. It is also an optional dependency, so users don't have to use Spring at all.
As it is an optional dependency, it is not pulled in transitively by other projects. This in turn means other projects are free to use any version of Spring. The solution then is simple: simply upgrade the optional dependency version from 4.3.11.RELEASE to 4.3.18.RELEASE.
bbottema commented
Released in 5.0.8.