> On Jul 20, 2022, at 8:43 AM, Shawn McKinney <[email protected]> wrote: > > I’d need to be convinced that going with a previous version of spring > security to match the core is advisable due to all of the CVE’s. In any > case, there isn’t a a 5.3.22 spring core version.
Err, the other way around. … There isn’t a spring security core version that matches up with spring core. Going with a previous spring security release means picking up CVE’s. As most of their previous releases are flagged with vulnerabilities: https://mvnrepository.com/artifact/org.springframework.security/spring-security-core Meaning we need to use the latest of each. What am I missing here? Thanks — Shawn --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
