frankvicky commented on PR #3993: URL: https://github.com/apache/ambari/pull/3993#issuecomment-2813310323
Hi @JiaLiangC, Thanks for the question. I think we should redefine the scope of this issue. The `spring-web` and `security` modules have CVE issues, but we can resolve the `spring-web` issue by upgrading to a minor version. We should open another ticket to track the `security` CVE issue, as we were unable to resolve it by upgrading to a minor version. c.c @jojochuang -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@ambari.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ambari.apache.org For additional commands, e-mail: dev-h...@ambari.apache.org