[ https://issues.apache.org/jira/browse/VELOCITY-954?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17524193#comment-17524193 ]
Michael Osipov commented on VELOCITY-954: ----------------------------------------- You can easily override the version and you should. We can't race version for version. > spring-velocity-support involve CVE-2022-22965 > ----------------------------------------------- > > Key: VELOCITY-954 > URL: https://issues.apache.org/jira/browse/VELOCITY-954 > Project: Velocity > Issue Type: Bug > Affects Versions: 2.3 > Reporter: zhaizeyu > Priority: Major > > spring-velocity-support 2.3 contains passive dependencies spring-beans 5.3.4 > spring-beans involve vulnerabilities CVE-2022-22965,need to upgrade component > to fix the vulnerability -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org