Hi Nikhil,
Although dependencies in question were updated, there is no reason to wait for
release: you could always provide dependency overrides for the ones affected
using the build tool of your choice. Thank you.
Best Regards,
Andriy Redko
Monday, June 3, 2024, 5:52:50 AM, you wrote:
sn> HI Team,
sn> We have recently figured out a critical security vulnerability for
sn> spring-framework that is embedded within CXF package - the same has been
sn> addressed via ticket https://issues.apache.org/jira/browse/CXF-9016 which
sn> is expected to be available in next release versions
sn> 3.5.9
sn>
<https://issues.apache.org/jira/issues/?jql=project+%3D+CXF+AND+fixVersion+%3D+3.5.9>
sn> , 4.1.0
sn>
<https://issues.apache.org/jira/issues/?jql=project+%3D+CXF+AND+fixVersion+%3D+4.1.0>
sn> , 4.0.5
sn>
<https://issues.apache.org/jira/issues/?jql=project+%3D+CXF+AND+fixVersion+%3D+4.0.5>
sn> , 3.6.4
sn>
<https://issues.apache.org/jira/issues/?jql=project+%3D+CXF+AND+fixVersion+%3D+3.6.4>
sn> Could you please provide any update (if possible) on the timelines for
sn> these versions ? Particularly version 3.5.9 ?
sn> Thank you in advance.
sn> Regards,
sn> Nikhil
