Himanshu Maurya created RANGER-4038:
---------------------------------------
Summary: Upgrade springframework.version (spring-core) from 5.3.23
to 6.0.0
Key: RANGER-4038
URL: https://issues.apache.org/jira/browse/RANGER-4038
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Himanshu Maurya
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code
execution (RCE) issue if used for Java deserialization of untrusted data.
Depending on how the library is implemented within a product, this issue may or
not occur, and authentication may be required. NOTE: the vendor's position is
that untrusted data is not an intended use case. The product's behavior will
not be changed because some users rely on deserialization of trusted data.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
