Bug #26707
Upgrade spring security dependency to correct CVE-2025-22228
Status:
Pending technical review
Priority:
N/A
Assignee:
Category:
Security
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
There's a funny, low-impact CVE (CVE-2025-22228) impacting us. Hopefully, no user used a password of more than 72 chars :)
NOTE: we don't even use that implementation of bcrypt (we use the one from bouncycastle, which seems to be clean). But green must be green for CISO.