[
https://issues.apache.org/jira/browse/CAMEL-20308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Claus Ibsen resolved CAMEL-20308.
---------------------------------
Resolution: Fixed
> Change order of camel-spring-boot-bom and spring-boot-dependencies in
> dependencyManamgent
> -----------------------------------------------------------------------------------------
>
> Key: CAMEL-20308
> URL: https://issues.apache.org/jira/browse/CAMEL-20308
> Project: Camel
> Issue Type: Improvement
> Components: camel-spring-boot
> Affects Versions: 4.4.0
> Reporter: Thomas Cunningham
> Assignee: Thomas Cunningham
> Priority: Major
> Fix For: 4.4.0
>
>
> I'd like to suggest changing the order of camel-spring-boot-bom and
> spring-boot-dependencies in <dependencyManagement/> - currently
> spring-boot-dependencies is listed first, but the camel-parent many times
> contains updated dependencies with CVE fixes. In the event of the two
> BOMs containing a <dependencyManagement> entry for the same artifact, listing
> camel-spring-boot-bom first would mean that the versions from the
> camel-parent take precedence over spring-boot-dependencies versions and may
> mean a safer experience.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
