spring-cloud/spring-cloud-netflix

spring-cloud-starter-netflix-eureka-client:4.1 has vulnerability with dependency commons-jxpath:1.3

ziad-saade opened this issue · 3 comments

spring-cloud-starter-netflix-eureka-client:4.1 has vulnerability with dependency commons-jxpath:1.3

spring-cloud-starter-netflix-eureka-client latest version 4.1.3
commons-jxpath latest version 1.3

Hello, @ziad-saade, thanks for reporting the issue. This is a transitive dependency provided by an external repo: https://github.com/Netflix/netflix-commons. There's no higher version of Netflix/Eureka that we could upgrade to. We also can't provide a fix for Netflix/Eureka, since no higher version of Netflix/netflix-commons is available. The users can exclude the dependency on their end. Please create an issue in Netflix/netflix-commons and link here. We'll upgrade once an upgraded version is made available.

Thank you @OlgaMaciaszek for your reply; below is the link to the issue:
Netflix/netflix-commons#34