Details
-
Bug
-
Status: Resolved
-
P1
-
Resolution: Fixed
-
2.37.0
-
None
Description
The beam sdk java io kafka uses
org.springframework:spring-expression:4.3.18.RELEASE
which has a transitive dependency of
org.springframework:spring-core:4.3.18.RELEASE
which is affected by the CVE-2022-22965 vulnerability.
References
https://mvnrepository.com/artifact/org.springframework/spring-expression/4.3.18.RELEASE
Attachments
Issue Links
- is duplicated by
-
BEAM-14256 Upgrade spring expression dependency
- Resolved