Hi Axis2 Dev Mailing List, There are some more recent CVEs against Jettison 1.5.0 and Spring Framework 5.3.21 that are in Axis2 v1.8.2 (latest release).
Would it be possible to get an Axis2 build with these module components updated to last release versions? Do I need to download Axis2 1.8.2 source and try to maven build it locally with these modules updated to the new release versions instead? Details: Jettison v1.5.4 addresses CVE-2023-1436 (CVSS v3.1 score in NVD is 7.5) Spring Framework v5.3.27 addresses CVE-2023-20863 (CVSS v3.1 score in NVD is 6.5) Thanks, -Steven Saunder
