Yuanhua Han created DIRMINA-1182:
------------------------------------
Summary: Is there any plan to fix the dependent vulnerabilities of
Spring Framework 2.5.6.SEC03?
Key: DIRMINA-1182
URL: https://issues.apache.org/jira/browse/DIRMINA-1182
Project: MINA
Issue Type: Wish
Affects Versions: 2.2.3, 2.1.8
Reporter: Yuanhua Han
Attachments: image-2024-10-08-22-47-47-371.png,
image-2024-10-08-22-49-52-441.png, image-2024-10-08-22-54-11-235.png
Hello, we found that Apache MINA 2.2.3 and 2.1.8 both depends on spring
2.5.6.SEC03(corresponding to Spring Framework software), which is a very old
version (released on Sep 09, 2011) and has been EOL-ed.
It seems that spring 2.5.6.SEC03 have some vulnerabilities(this artifact was
moved to spring-core and spring-core 2.5.6.SEC03 have vulnerabilities).
https://mvnrepository.com/artifact/org.springframework/spring
!image-2024-10-08-22-47-47-371.png!
https://mvnrepository.com/artifact/org.springframework/spring-core/2.5.6.SEC03
!image-2024-10-08-22-54-11-235.png!
Does these vulnerability affect Apache MINA? If yes, can I ask if there are any
plans of Apache MINA community to adapt to the new version of Spring Framework
to fix these vulnerabilities?
Thanks.
The detailed dependencies are as follows:
mina-integration-xbean 2.2.3/2.1.8 ---> spring 2.5.6.SEC03
mina-example 2.2.3/2.1.8 ---> spring 2.5.6.SEC03
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
