Actions
Bug #26707
closed
Upgrade spring security dependency to correct CVE-2025-22228
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No
Description
There's a funny, low impact CVE (CVE-2025-22228) impacting us. Hopefully, no user used more than 72 chars pass :)
NOTE: we don't even use that implementation of bcrypt (we use the one from bouncycastle, which seems to be clean). But green must be green for CISO.
Updated by 
Updated by Anonymous 
Updated by
Actions