[Bug 66011] New: jmeter ships with a vulnerable version of spring

bugzilla Tue, 12 Apr 2022 09:00:02 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=66011


            Bug ID: 66011
           Summary: jmeter ships with a vulnerable version of spring
           Product: JMeter
           Version: 5.4.3
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Main
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: JMETER_5.5

jmeter references a vulnerable version of the sprint framework. My customer
blocks access to all vulnerable versions of spring thus making it imposible for
me to run jmeter from within the jmeter-maven-plugin (which downloads all
jmeter dependencies automagically). 
When will there be a release using a safe version of spring framework (>=
5.3.18)

Regards
René

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 66011] New: jmeter ships with a vulnerable version of spring

Reply via email to