hapifhir / hapi-fhir

🔥 HAPI FHIR - Java API for HL7 FHIR Clients and Servers
http://hapifhir.io
Apache License 2.0

SpringBoot 1.5.0 vulnerability #1273

Open keithboone opened 5 years ago

keithboone commented 5 years ago

NOTE: Before filing a ticket, please see the following URL: https://github.com/jamesagnew/hapi-fhir/wiki/Getting-Help

Describe the bug Recently I checked some code into the HL7 GitHub REPO that anticipates using HAPI on FHIR 3.6.0. In checking it in, one of my dependencies was on SpringBoot 1.5.0, based on sample code found in the 3.6.0 release, though I'm not quite sure where.

To Reproduce Read: https://github.com/HL7/v2-to-fhir/network/alert/pom.xml/org.springframework.boot:spring-boot/open

Expected behavior HAPI FHIR code and dependencies should not have security vulnerabilities

Screenshots If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

Additional context Given this is a patch release from 1.5.0 to 1.5.10 or later, I suspect that simply updating the dependency will resolve the issue.
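The fix the reporter anticipates is a dependency bump, which is easy to verify mechanically. The script below is an added example (not HAPI FHIR or HL7 project code) that parses a Maven pom.xml, resolves `${...}` property placeholders, and flags any `org.springframework.boot` coordinate, whether declared as a `<parent>` or as a `<dependency>`, whose version is below a minimum. The embedded pom is constructed for the example, and the 1.5.10 floor is taken from the reporter's suspicion in this issue rather than from an advisory, so treat it as an assumption and substitute the version your own advisory data names.

```python
"""Flag Spring Boot coordinates in a Maven pom.xml that sit below a minimum patched version.

Added example for this issue thread; not HAPI FHIR or HL7 project code.
The sample pom below is constructed and mirrors the reporter's situation
(org.springframework.boot pinned at 1.5.0). The 1.5.10 threshold is the version
the reporter suspects resolves the finding; it is an assumption, not advisory data.
"""
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample pom (not the pom referenced in the issue).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.0.RELEASE</version>
  </parent>
  <groupId>org.example</groupId>
  <artifactId>v2-to-fhir-sample</artifactId>
  <version>0.1.0</version>
  <properties>
    <spring.boot.version>1.5.0.RELEASE</spring.boot.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot</artifactId>
      <version>${spring.boot.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      <version>2.0.1.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>ca.uhn.hapi.fhir</groupId>
      <artifactId>hapi-fhir-base</artifactId>
      <version>3.6.0</version>
    </dependency>
  </dependencies>
</project>
"""

_PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def parse_version(text):
    """Turn '1.5.10.RELEASE' into (1, 5, 10); a non-numeric qualifier ends the parse."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    while len(parts) < 3:  # pad so '2.0' compares as (2, 0, 0)
        parts.append(0)
    return tuple(parts[:3])


def read_properties(root):
    """Collect <properties> children as a name -> value map for placeholder expansion."""
    props = {}
    for el in root.findall("m:properties/*", NS):
        props[el.tag.split("}", 1)[-1]] = (el.text or "").strip()
    return props


def iter_coordinates(root, props):
    """Yield (groupId, artifactId, version) for the parent and every direct dependency."""
    nodes = root.findall("m:parent", NS) + root.findall("m:dependencies/m:dependency", NS)
    for node in nodes:
        gid = node.findtext("m:groupId", default="", namespaces=NS).strip()
        aid = node.findtext("m:artifactId", default="", namespaces=NS).strip()
        raw = node.findtext("m:version", default="", namespaces=NS).strip()
        version = _PLACEHOLDER.sub(lambda m: props.get(m.group(1), m.group(0)), raw)
        yield gid, aid, version


def find_outdated(pom_xml, group_id, min_version):
    """Return (artifactId, version, reason) for coordinates in group_id below min_version.

    Unresolvable placeholders are reported separately rather than silently passed,
    since a version the scanner cannot see is not a version it has cleared.
    """
    root = ET.fromstring(pom_xml)
    props = read_properties(root)
    floor = parse_version(min_version)
    findings = []
    for gid, aid, version in iter_coordinates(root, props):
        if gid != group_id:
            continue
        if not version or "${" in version:
            findings.append((aid, version, "unresolved"))
        elif parse_version(version) < floor:
            findings.append((aid, version, "below-minimum"))
    return findings


if __name__ == "__main__":
    for aid, version, reason in find_outdated(SAMPLE_POM, "org.springframework.boot", "1.5.10"):
        print(f"{aid} {version}: {reason}")
```

Versions inherited from a parent POM or managed through `<dependencyManagement>` are not resolved here; for a real audit, run the check against the effective POM (`mvn help:effective-pom`) so every inherited version is visible.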

patrick-werner commented 5 years ago

The current hapi fhir version uses Spring Boot 2.0.1.Final, which should be fine. You should also be careful with using hapi Spring Boot, as it isn't as well maintained as the rest of the code. Some functionalities (e.g. transactions) sometimes behave strangely.