VULNDB-316020 Critical spring_framework 5.3.25

Devops is rejecting my application can someone please update this?
Is there a way that I can update this so that I don’t have to wait a day or over the weekend to deploy my application?

So my application was taken down from the servers due to this vulnerability. I’m dead in the water here

this is critical.
What am I supposed to do if compliance is rejecting my jmix application?

Hi,

You can always try to raise the version of any library by providing an explicit dependency in your build.gradle, e.g.

implementation 'org.springframework:spring-core:5.3.26'

We’ll upgrade Spring Boot version that will bring the latest Spring 5.3.x dependency in the upcoming 1.5.1 release. Here is the issue for that.

1 Like

thanks