+1 On Thu, 21 May 2020 at 16:53, Anthony Baker <bak...@vmware.com> wrote:
> +1 > > > On May 21, 2020, at 8:51 AM, Owen Nichols <onich...@pivotal.io> wrote: > > > > Some automated scans have flagged Geode Pulse as potentially containing > “high" security vulnerability CVE-2020-5407. > > > > Analysis shows that this saml vulnerability is not applicable to Geode > Pulse. > > > > It is low risk to bump the spring-security dependency to the latest > version to avoid false positives in automated scans. This change is > already on develop and all tests have passed. It would be nice to include > this in 1.13. > > > > -Owen > > -- Ju@N
