Open QiAnXinCodeSafe opened 3 years ago
Thanks, will upgrade later
Since zuul relies on a low version of spring boot, we need to do some planning:
Any updates on this @tuteng? The latest release of pulsar-manager appears to still use a vulnerable version of Spring Boot 2.0.2? It's been nearly three years since this issue was opened....
Edit looks like Spring Cloud Netflix Zuul is EOL and Spring Cloud Gateway is the currently supported alternative... https://github.com/spring-cloud/spring-cloud-netflix/issues/4158
https://github.com/apache/pulsar-manager/blob/d15a0f1e45a3fe9821df51361584dce87e104948/build.gradle#L17
CVE-2020-5421
Recommended upgrade version: 2.1.17.RELEASE