+1 On Thu, May 21, 2020 at 8:57 AM Ju@N <jujora...@gmail.com> wrote:
> +1 > > On Thu, 21 May 2020 at 16:53, Anthony Baker <bak...@vmware.com> wrote: > > > +1 > > > > > On May 21, 2020, at 8:51 AM, Owen Nichols <onich...@pivotal.io> wrote: > > > > > > Some automated scans have flagged Geode Pulse as potentially containing > > “high" security vulnerability CVE-2020-5407. > > > > > > Analysis shows that this saml vulnerability is not applicable to Geode > > Pulse. > > > > > > It is low risk to bump the spring-security dependency to the latest > > version to avoid false positives in automated scans. This change is > > already on develop and all tests have passed. It would be nice to > include > > this in 1.13. > > > > > > -Owen > > > > > > -- > Ju@N >
