jcorderop closed 2 years ago
Hi @jcorderop, thanks for reporting.
The quickfixj spring boot starter inherits from the spring-boot-starter-parent artifact, which itself inherits from the spring-boot-dependencies artifact. This latter artifact is the Spring Boot BOM, which is just a Maven POM file with a large dependencyManagement section. This library only sets the version for quickfixj and uses a couple other libraries for testing.
You can override any of these by adding the version of the library you want to use, i.e.
    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-core</artifactId>
        <version>1.2.11</version>
    </dependency>
I agree that this Spring Boot starter needs an upgrade of its parent and to be available on higher JDKs. I'll create separate tickets to address these issues separately.
Thanks
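A way to confirm that a version override like the one above actually reached the resolved dependency graph, as an added example that is not part of this thread or of the project: it parses `mvn dependency:tree` output and reports artifacts still below a required minimum. The sample trees, the `com.example` coordinates and the helper names are constructed for illustration.

```python
import re

# Floors to enforce. 1.2.11 for logback-core is the version from the override
# shown in this thread; add entries for whatever else your scanner flagged.
MINIMUMS = {("ch.qos.logback", "logback-core"): "1.2.11"}

# Constructed `mvn dependency:tree` output (hypothetical project and starter).
TREE_BEFORE = r"""
[INFO] com.example:fix-demo:jar:0.0.1-SNAPSHOT
[INFO] +- com.example:some-starter:jar:1.0.0:compile
[INFO] |  \- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] |     \- ch.qos.logback:logback-core:jar:1.2.3:compile
"""
TREE_AFTER = TREE_BEFORE.replace("logback-core:jar:1.2.3", "logback-core:jar:1.2.11")

COORD = re.compile(r"([\w.\-]+(?::[\w.\-]+){3,5})")

def version_key(version):
    """Leading numeric components, zero-padded; simpler than Maven's ordering."""
    nums = []
    for part in re.split(r"[.\-]", version):
        if not part.isdigit():
            break
        nums.append(int(part))
    return tuple(nums + [0] * (4 - len(nums)))

def parse_tree(text):
    """Yield (group, artifact, version) for every coordinate in the tree."""
    for line in text.splitlines():
        match = COORD.search(line)
        if match:
            parts = match.group(1).split(":")
            # Root is g:a:type:version; others are g:a:type[:classifier]:version:scope.
            yield parts[0], parts[1], (parts[3] if len(parts) == 4 else parts[-2])

def below_minimum(tree_text, minimums=MINIMUMS):
    """Return sorted (group, artifact, resolved, required) tuples under their floor."""
    hits = set()
    for group, artifact, version in parse_tree(tree_text):
        floor = minimums.get((group, artifact))
        if floor and version_key(version) < version_key(floor):
            hits.add((group, artifact, version, floor))
    return sorted(hits)

if __name__ == "__main__":
    for label, tree in (("before", TREE_BEFORE), ("after", TREE_AFTER)):
        print(label, below_minimum(tree) or "ok")
```

Versions are compared numerically, since a plain string comparison would rank 1.2.3 above 1.2.11 and miss the stale transitive copy.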
Fixed on 2.13.0
Hi
Trying to use:
I saw it has those vulnerabilities: https://advisory.checkmarx.net/advisory/vulnerability/CVE-2021-42550/ https://advisory.checkmarx.net/advisory/vulnerability/CVE-2022-22965/ ...
I wanted to double-check with you if you knew about it.