Closed hohwille closed 1 year ago
Another thing to consider is that our BOM imports the BOM of spring-cloud. However, IMHO spring-cloud-dependencies should be questioned from security PoV: https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-dependencies/
We introduced this for kafka. Our kafka module is more or less deprecated. Hence, we should consider getting rid of this large dependency-tree that can cause more harm than use.
In devon4j we need to do another update to close most recent CVEs: