unic/neba

Update Spring version to mitigate CVE-2022-22950 / CVE-2022-22965: DoS and RCE

olaf-otto opened this issue · 1 comment

The Spring team just released a new version fixing CVE-2022-22950: Spring Expression DoS Vulnerability: https://spring.io/blog/2022/03/28/cve-report-published-for-spring-framework. Update to this version and release NEBA as soon as the ServiceMix team has released the OSGi bundles of this release; see https://search.maven.org/search?q=g:org.apache.servicemix.bundles%20spring-beans

Done via update to 5.3.18_1