Please add this change to support/1.13, Owen. Thanks, Dave
On 2020/05/21 16:19:49, Dick Cavender <dcaven...@pivotal.io> wrote: > +1 > > On Thu, May 21, 2020 at 8:57 AM Ju@N <jujora...@gmail.com> wrote: > > > +1 > > > > On Thu, 21 May 2020 at 16:53, Anthony Baker <bak...@vmware.com> wrote: > > > > > +1 > > > > > > > On May 21, 2020, at 8:51 AM, Owen Nichols <onich...@pivotal.io> wrote: > > > > > > > > Some automated scans have flagged Geode Pulse as potentially containing > > > “high" security vulnerability CVE-2020-5407. > > > > > > > > Analysis shows that this saml vulnerability is not applicable to Geode > > > Pulse. > > > > > > > > It is low risk to bump the spring-security dependency to the latest > > > version to avoid false positives in automated scans. This change is > > > already on develop and all tests have passed. It would be nice to > > include > > > this in 1.13. > > > > > > > > -Owen > > > > > > > > > > -- > > Ju@N > > >