[
https://issues.apache.org/jira/browse/RANGER-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Himanshu Maurya reassigned RANGER-4038:
---------------------------------------
Assignee: Himanshu Maurya
> Upgrade springframework.version (spring-core) from 5.3.23 to 6.0.0
> ------------------------------------------------------------------
>
> Key: RANGER-4038
> URL: https://issues.apache.org/jira/browse/RANGER-4038
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Himanshu Maurya
> Assignee: Himanshu Maurya
> Priority: Major
>
> Pivotal Spring Framework through 5.3.16 suffers from a potential remote code
> execution (RCE) issue if used for Java deserialization of untrusted data.
> Depending on how the library is implemented within a product, this issue may
> or not occur, and authentication may be required. NOTE: the vendor's position
> is that untrusted data is not an intended use case. The product's behavior
> will not be changed because some users rely on deserialization of trusted
> data.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
