Closed krismarc closed 2 years ago
@krismarc all files in spec
are only used to test the buildpack. You can delete these files locally and not affect the buildpack.
We will work on updating these files.
The spring-core files have been replaced with spring-core-5.3.20.jar.
https://github.com/cloudfoundry/ibm-websphere-liberty-buildpack/pull/544
@kevin-ortega perfect, thank you :)
Dear @kevin-ortega and other maintainers,
there's high scored vulnerability found in spring framework. https://tanzu.vmware.com/security/cve-2022-22950
Is there any plan to upgrade those packages? This triggers Qualys sensors within our company so we can't keep the Buildpack files locally.
./liberty/spec/fixtures/framework_auto_reconfiguration_servlet_2/WEB-INF/lib/spring-core-3.2.3.RELEASE.jar ./liberty/spec/fixtures/framework_auto_reconfiguration_servlet_2_nested/nested/WEB-INF/lib/spring-core-3.2.3.RELEASE.jar ./liberty/spec/fixtures/framework_auto_reconfiguration_servlet_3/WEB-INF/lib/spring-core-3.2.3.RELEASE.jar ./liberty/spec/fixtures/framework_auto_reconfiguration_servlet_4/lib/spring-core-3.2.3.RELEASE.jar ./liberty/spec/fixtures/framework_auto_reconfiguration_servlet_5/spring_app.ear/lib/spring-core-3.2.3.RELEASE.jar ./liberty/spec/fixtures/framework_auto_reconfiguration_servlet_5/spring_app.war/WEB-INF/lib/spring-core-3.2.3.RELEASE.jar
Best regards, K.M.