Bug #22668
closed
Update spring to 5.3.27 and spring-security 5.7.8
Added by François ARMAND about 1 year ago.
Updated almost 1 year ago.
Category:
Architecture - Dependencies
Description
For CVE related to SpEL (even if we don't use it)
Note: we can't upgrade to spring-security 5.8.X which requires java 17 it seems.
- Status changed from New to In progress
- Assignee set to François ARMAND
- Subject changed from Update spring to 5.3.27 to Update spring to 5.3.27 and spring-security 5.7.8
- Description updated (diff)
- Status changed from In progress to New
- Assignee deleted (
François ARMAND)
- Status changed from New to In progress
I checked that spring-security 5.7.8 works with our OIDC Okta
- Status changed from In progress to Pending technical review
- Assignee set to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/4767
- Status changed from Pending technical review to Pending release
- Fix check changed from To do to Checked
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.2.6 and 7.3.1 which were released today.
Also available in: Atom
PDF
Updated by 
Updated by Anonymous 
Updated by