[ https://issues.apache.org/jira/browse/RANGER-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Himanshu Maurya reassigned RANGER-4038: --------------------------------------- Assignee: Himanshu Maurya > Upgrade springframework.version (spring-core) from 5.3.23 to 6.0.0 > ------------------------------------------------------------------ > > Key: RANGER-4038 > URL: https://issues.apache.org/jira/browse/RANGER-4038 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Himanshu Maurya > Assignee: Himanshu Maurya > Priority: Major > > Pivotal Spring Framework through 5.3.16 suffers from a potential remote code > execution (RCE) issue if used for Java deserialization of untrusted data. > Depending on how the library is implemented within a product, this issue may > or not occur, and authentication may be required. NOTE: the vendor's position > is that untrusted data is not an intended use case. The product's behavior > will not be changed because some users rely on deserialization of trusted > data. -- This message was sent by Atlassian Jira (v8.20.10#820010)