Exacly what about : cat gradle.properties
cas.version=6.4.6.2 springBootVersion=2.5.7 On Thursday, March 31, 2022 at 11:07:44 PM UTC+2 [email protected] wrote: > Hi everyone, > > I have gone through the blog post mentioned above, I see that spring > version was updated from 5.3.9 to 5.3.18. However is there a need to update > spring boot version as well from 2.5.4 to 2.5.12 ? > > Thanks, > Harmeet > > On Thursday, March 31, 2022 at 1:24:47 PM UTC-5 [email protected] wrote: > >> A patch just released >> https://apereo.github.io/2022/03/31/spring-vuln/ >> >> On Thu, Mar 31, 2022 at 12:08 PM Baron Fujimoto <[email protected]> wrote: >> >>> I haven't seen any mention of this on the list yet, but it has been >>> recently disclosed that applications based on Spring and Java9+ may be >>> vulnerable to severe RCEs. >>> >>> Refs: >>> • < >>> https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement >>> > >>> • <https://tanzu.vmware.com/security/cve-2022-22965> >>> • <https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/> >>> >>> It appears that CAS 6 may be vulnerable. Our CAS 6.3.7.4 at least >>> appears to use spring-core-5.3.8.jar. Is there any info available on >>> planned patches to address these issues? >>> -- >>> Baron Fujimoto <[email protected]> :: UH Information Technology Services >>> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3PrjJ-L4v-diZ-4U8ehrBMSp%3DYA2j97XfZUXSjYYLSYw%40mail.gmail.com >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3PrjJ-L4v-diZ-4U8ehrBMSp%3DYA2j97XfZUXSjYYLSYw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> Best Regards, >> Mohamed M. Aboulela >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/13a1a41c-cb30-470b-b18f-e59045ceb049n%40apereo.org.
