zally icon indicating copy to clipboard operation
zally copied to clipboard

Published 20 hours ago verified publisher icon zalando

Spring upgrade to address CVEs

Open jackie-linz opened this issue 1 year ago • 0 comments

Hi, the current Lilly server has 3 critical vulnerabilities:

  • CVE-2022-1471 - org.yaml:snakeyaml
  • CVE-2016-1000027 - org.springframework:spring-web
  • CVE-2019-10202 - org.codehaus.jackson:jackson-mapper-asl

I see that you may already have plan to upgrade Spring as indicated in this PR, just wondering whether there's a definite plan for it?

jackie-linz avatar Feb 09 '24 01:02 jackie-linz