Hi Guys, Any update on spring boot version.
https://spring.io/blog/2022/03/31/spring-boot-2-5-12-available-now Regards, On Friday, April 1, 2022 at 7:32:48 AM UTC-5 artur mis wrote: > Exacly what about : > > cat gradle.properties > > cas.version=6.4.6.2 > springBootVersion=2.5.7 > > > > On Thursday, March 31, 2022 at 11:07:44 PM UTC+2 [email protected] wrote: > >> Hi everyone, >> >> I have gone through the blog post mentioned above, I see that spring >> version was updated from 5.3.9 to 5.3.18. However is there a need to update >> spring boot version as well from 2.5.4 to 2.5.12 ? >> >> Thanks, >> Harmeet >> >> On Thursday, March 31, 2022 at 1:24:47 PM UTC-5 [email protected] wrote: >> >>> A patch just released >>> https://apereo.github.io/2022/03/31/spring-vuln/ >>> >>> On Thu, Mar 31, 2022 at 12:08 PM Baron Fujimoto <[email protected]> >>> wrote: >>> >>>> I haven't seen any mention of this on the list yet, but it has been >>>> recently disclosed that applications based on Spring and Java9+ may be >>>> vulnerable to severe RCEs. >>>> >>>> Refs: >>>> • < >>>> https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement >>>> > >>>> • <https://tanzu.vmware.com/security/cve-2022-22965> >>>> • <https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/> >>>> >>>> It appears that CAS 6 may be vulnerable. Our CAS 6.3.7.4 at least >>>> appears to use spring-core-5.3.8.jar. Is there any info available on >>>> planned patches to address these issues? >>>> -- >>>> Baron Fujimoto <[email protected]> :: UH Information Technology Services >>>> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum >>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3PrjJ-L4v-diZ-4U8ehrBMSp%3DYA2j97XfZUXSjYYLSYw%40mail.gmail.com >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3PrjJ-L4v-diZ-4U8ehrBMSp%3DYA2j97XfZUXSjYYLSYw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >>> >>> -- >>> Best Regards, >>> Mohamed M. Aboulela >>> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1355a15a-1113-40aa-b5c8-934b7db8806cn%40apereo.org.
