These changes resolve all high vulnerabilities and all critical Vulnerabilities outside of CVE-2016-1000027. This vulnerability has been found to be a false positive. CodeQL conducts code analysis on CWE-502 - Java Serialization. This is the root of the vulnerability. Currently our process is to work around this for now. Then mitigate by upgrading to Spring Boot 3.0 and Spring Web 6.0.
@HuiJun
Resolve dependencies returned by nexus scan.
Originally had 12 critical vulnerabilities.
These changes resolve all high vulnerabilities and all critical Vulnerabilities outside of CVE-2016-1000027. This vulnerability has been found to be a false positive. CodeQL conducts code analysis on CWE-502 - Java Serialization. This is the root of the vulnerability. Currently our process is to work around this for now. Then mitigate by upgrading to Spring Boot 3.0 and Spring Web 6.0.