CVE-2020-10687 (https://nvd.nist.gov/vuln/detail/CVE-2020-10687) has been reported in Undertow versions below 2.2.0. spring-boot-starter-parent 2.3.4 is still using Undertow 2.1.4.
Dependency tree
+- org.springframework.boot:spring-boot-starter-undertow:jar:2.3.4.RELEASE:compile
[INFO] | +- io.undertow:undertow-core:jar:2.1.4.Final:compile
Need to upgrade and release a new update
@shivacharan0551 please consider searching the issue tracker before opening an issue. We already upgraded in 2.4.x and already indicated in that issue why we won't upgrade to a new feature release in a maintenance release of Spring Boot.
Please reach out to the Undertow team to ask them to backport. Alternatively, you can upgrade as explained in the comment I've referenced.
Duplicate of #23367
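Added example, not part of the issue thread or of Spring Boot: a check that scans `mvn dependency:tree` output for `io.undertow` artifacts below the 2.2.0 threshold named in the issue, useful for confirming what a build actually resolves before and after a version override. The function names and the extra sample lines are constructed for illustration, and treating Alpha/Beta/CR builds of 2.2.0 as below the fix is an assumption.

```python
import re

# Threshold from the issue text: Undertow versions below 2.2.0 are reported as affected.
FIXED_IN = (2, 2, 0)
# Assumption: pre-release builds of the fixed version are treated as not yet fixed.
PRE_RELEASE = re.compile(r"(alpha|beta|cr|rc|snapshot)", re.I)

def parse_coordinate(line):
    """Return (group, artifact, version) from one `mvn dependency:tree` line, or None."""
    for token in line.split():
        parts = token.split(":")
        # groupId:artifactId:type:version:scope, or with a classifier before the version
        if len(parts) in (5, 6):
            return parts[0], parts[1], parts[-2]
    return None

def is_below_fix(version):
    """True when the version sorts before FIXED_IN; pre-releases of the fix count as below."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return True  # unparseable version: flag it for manual review
    nums = [int(n) for n in m.group().split(".")][:3]
    nums += [0] * (3 - len(nums))
    if tuple(nums) != FIXED_IN:
        return tuple(nums) < FIXED_IN
    return bool(PRE_RELEASE.search(version[m.end():]))

def find_affected(tree_output, group="io.undertow"):
    """List 'group:artifact:version' for every artifact of `group` below the fix version."""
    hits = []
    for line in tree_output.splitlines():
        coord = parse_coordinate(line)
        if coord and coord[0] == group and is_below_fix(coord[2]):
            hits.append(":".join(coord))
    return hits

# Constructed sample: the two lines quoted in the issue plus two constructed lines for contrast.
SAMPLE = """\
[INFO] +- org.springframework.boot:spring-boot-starter-undertow:jar:2.3.4.RELEASE:compile
[INFO] |  +- io.undertow:undertow-core:jar:2.1.4.Final:compile
[INFO] |  +- io.undertow:undertow-servlet:jar:2.2.0.Final:compile
[INFO] |  \\- io.undertow:undertow-websockets-jsr:jar:2.2.0.Beta1:compile
"""

if __name__ == "__main__":
    for hit in find_affected(SAMPLE):
        print("below 2.2.0:", hit)
```

In a real build, pass the captured output of `mvn dependency:tree` to `find_affected` instead of `SAMPLE`.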