[jira] [Updated] (SM-5853) Create OSGi bundles for Spring 6.2.11

Geoff Denning (Jira) Sat, 18 Oct 2025 05:09:08 -0700


     [ 
https://issues.apache.org/jira/browse/SM-5853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Geoff Denning updated SM-5853:
------------------------------
    Description: 
The current 6.2.8 version (see SM-5836) has two vulnerabilities:

[CVE-2025-41242|https://nvd.nist.gov/vuln/detail/CVE-2025-41242] (CVSS3 score 
5.9) raised on 2025-08-18.
 * Upgrade to version org.springframework:spring-beans:6.2.10

 * Upgrade to version [https://github.com/spring-projects/spring-framework.git] 
- v6.2.10

[CVE-2025-41249|https://nvd.nist.gov/vuln/detail/CVE-2025-41249] (CVSS3 score 
7.5) raised on 2025-09-16.
 * Upgrade to version org.springframework:spring-core:6.2.11

 * Upgrade to version [https://github.com/spring-projects/spring-framework.git] 
- v6.2.11

 

  was:
The current 6.2.8 version (see SM-5836) has two vulnerabilities:

CVE-2025-41242 (CVSS3 score 5.9) raised on 2025-08-18.
 * Upgrade to version org.springframework:spring-beans:6.2.10

 * Upgrade to version https://github.com/spring-projects/spring-framework.git - 
v6.2.10

CVE-2025-41249 (CVSS3 score 7.5) raised on 2025-09-16.
 * Upgrade to version org.springframework:spring-core:6.2.11

 * Upgrade to version https://github.com/spring-projects/spring-framework.git - 
v6.2.11

 


> Create OSGi bundles for Spring 6.2.11
> -------------------------------------
>
>                 Key: SM-5853
>                 URL: https://issues.apache.org/jira/browse/SM-5853
>             Project: ServiceMix
>          Issue Type: Dependency upgrade
>          Components: bundles
>            Reporter: Geoff Denning
>            Priority: Minor
>
> The current 6.2.8 version (see SM-5836) has two vulnerabilities:
> [CVE-2025-41242|https://nvd.nist.gov/vuln/detail/CVE-2025-41242] (CVSS3 score 
> 5.9) raised on 2025-08-18.
>  * Upgrade to version org.springframework:spring-beans:6.2.10
>  * Upgrade to version 
> [https://github.com/spring-projects/spring-framework.git] - v6.2.10
> [CVE-2025-41249|https://nvd.nist.gov/vuln/detail/CVE-2025-41249] (CVSS3 score 
> 7.5) raised on 2025-09-16.
>  * Upgrade to version org.springframework:spring-core:6.2.11
>  * Upgrade to version 
> [https://github.com/spring-projects/spring-framework.git] - v6.2.11
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (SM-5853) Create OSGi bundles for Spring 6.2.11

Reply via email to