Upgrade ecChronos to use Spring 6 and Java 17 #690
Labels
Comments
VictorCavichioli
added
enhancement
|
CVE-2016-1000027 was solved in #733 |
|
So even though #733 "only" stepped to a higher version 5, the fix is in place? Should we close this then? |
|
When CVE-2016-1000027 was raised Springboot had declared v5 EOL and had no intention of releasing a fix for v5, later it seams they changed there mind and released a new v5 anyway. |
|
I vote for moving it into #704 instead :) |
|
This will be a part of #704 so this will be closed - as a duplicate. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Story Description:
As reported from Spring boot team, the CVE-2016-1000027 in Spring-web project will be fixed in Spring 6, which depends of the Java 17, so to fix the vulnerability we need to update both versions, Spring and JDK. The patch for JDK 17 was created few months ago in #617
For more informations about, follow the thread below:
spring-projects/spring-framework#24434
The text was updated successfully, but these errors were encountered: