mjeffrey

The workaround from @tiberiuzuld fixed the issue for me. It might be a good idea to set up an integration test with a restrictive CSP and a basic app generated...

We have this issue as well on Spring Boot 2.1.3

We hit the same thing (including CVE-2022-31548 ) ``` [ERROR] jakarta.annotation-api-1.3.5.jar: CVE-2022-31569(9.3) [ERROR] jakarta.transaction-api-1.3.3.jar: CVE-2022-31569(9.3) [ERROR] querydsl-core-5.0.0.jar: CVE-2022-31548(9.3) [ERROR] spring-cloud-commons-3.1.3.jar: CVE-2022-31569(9.3) [ERROR] spring-security-rsa-1.0.10.RELEASE.jar: CVE-2022-31569(9.3) ``` These CVE descriptions both seem...

Since these are stupid CVEs (and very explicit) we exclude using a match everything pattern. ``` ^.*$ CVE-2022-31569 CVE-2022-31548 ```

Hi @anthonyraymond. Thanks for the info. You mentioned `Actually, the Spring boot adapter itself is to be deprecated` Do you have a link to something official from Keycloak?

hi Alexey, I work with pdesmarets and he asked me to have a look at this. I see the problem with xjc you were talking about: xjc only needs to...