Issue Encountered while Upgrading org.springframework:spring-web to Version 6.0.0

nazwan · December 14, 2023, 2:06pm

As per the security team’s recommendation, I proceeded with upgrading the org.springframework:spring-web library from version 5.3.31 to version 6.0.0. However, after implementing this upgrade, we encountered an issue where the application failed to start properly.

Our application is built on Jmix version 1.5.3, and we’re currently investigating this issue to understand its root cause. Our team is actively working to resolve it swiftly, ensuring that we maintain both the security and functionality of our application.

I wanted to keep you informed about our progress in addressing these security concerns. Rest assured, we are prioritizing this matter and taking the necessary steps to mitigate the issue.

Below screenshot from our security team

krivopustov · December 15, 2023, 3:33pm

You cannot use Spring 6 in Jmix 1.5, they are incompatible because Spring 6 uses the new Jakarta namespace.

You can either ignore this CVE because it is related to HTTPInvoker functionality which is not used in Jmix, or upgrade the project to Jmix 2.x which is based on Spring 6.

Regards,
Konstantin

eduardo.paramo · December 18, 2023, 10:34pm

Were you able to resolve this?

krivopustov · January 9, 2024, 2:36pm

A post was split to a new topic: Error running in Docker