bengbengbalabalabeng commented on issue #822: URL: https://github.com/apache/fesod/issues/822#issuecomment-3772889803
According to the official CVE description, [CVE‑2025‑41249](https://www.cve.org/CVERecord?id=CVE-2025-41249) is only triggered under the following conditions:

- Spring performs annotation detection on methods inherited from parameterized superclasses or interfaces with unbounded generics
- And the application relies on these annotations for method‑level authorization (e.g., `@EnableMethodSecurity`, `@PreAuthorize`, etc.)

The `fesod` project does not use `Spring Security` and does not rely on Spring’s method‑level security annotations. The `fesod-shaded` module only includes the ASM/CGLIB utility classes from `spring-core` and does not contain annotation‑processing or security‑related code.

Therefore, the vulnerable code paths are never invoked, and the conditions required to trigger this vulnerability do not exist in this project.

**So this vulnerability does not affect this project.**

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
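
A check for the two points the comment above relies on, as an added example that is not part of the original comment or the fesod project: it inventories a jar for `asm`, `cglib` and `core/annotation` classes under a `springframework/` path segment and flags class files that reference Spring Security types. The pattern assumes the `springframework/` segment survives shading relocation, and the sample jar entries are constructed.

```python
import io
import re
import zipfile

# Packages named in the comment. Assumption: the "springframework/" path
# segment survives shading relocation; adjust the pattern if the build renames it.
PKG = re.compile(r"(?:^|/)springframework/(asm|cglib|core/annotation)/")
# Spring Security types show up in class-file constant pools in this internal form.
SECURITY_REF = b"org/springframework/security/"


def audit_jar(jar):
    """Count classes per package and list classes that reference Spring Security.

    `jar` is a path or a binary file object accepted by zipfile.ZipFile.
    """
    counts = {"asm": 0, "cglib": 0, "core/annotation": 0}
    security_refs = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if not name.endswith(".class"):
                continue
            match = PKG.search(name)
            if match:
                counts[match.group(1)] += 1
            if SECURITY_REF in zf.read(name):
                security_refs.append(name)
    # Either finding means the "not affected" reasoning needs a closer look.
    needs_review = counts["core/annotation"] > 0 or bool(security_refs)
    return {"counts": counts, "security_refs": security_refs,
            "needs_review": needs_review}


def build_sample_jar(entries):
    """Build an in-memory jar from {entry name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed entries, not the real fesod-shaded contents.
    sample = build_sample_jar({
        "shaded/springframework/asm/ClassReader.class": b"\xca\xfe\xba\xbe",
        "shaded/springframework/cglib/proxy/Enhancer.class": b"\xca\xfe\xba\xbe",
    })
    print(audit_jar(sample))
```

A clean result is a heuristic inventory of one artifact; the application's own classes and remaining dependencies need the same pass before the conclusion holds for a whole deployment.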
