Closed davidkarlsen closed 1 year ago
Please include the following information in your ticket.
[INFO] +- com.ibm.mq:mq-jms-spring-boot-starter:jar:3.0.6:runtime
[INFO] | +- com.ibm.mq:com.ibm.mq.jakarta.client:jar:9.3.2.0:runtime
[INFO] | | +- org.bouncycastle:bcprov-jdk15to18:jar:1.72:runtime
[INFO] | | +- org.bouncycastle:bcpkix-jdk15to18:jar:1.72:runtime
[INFO] | | +- org.bouncycastle:bcutil-jdk15to18:jar:1.72:runtime
[INFO] | | +- jakarta.jms:jakarta.jms-api:jar:3.1.0:runtime
[INFO] | | - org.json:json:jar:20220924:runtime <-- this is vulnerable
https://avd.aquasec.com/nvd/2022/cve-2022-45688/
Bump - please release a version using boot 3.0.7
Latest versions of the starter pick up a new version of the MQ client jar which in turn has a new json.jar: 20230227
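A check for this situation, added here as an example and not part of the original thread or the starter project: it walks raw `mvn dependency:tree` output and reports which dependency chain pulls in an `org.json:json` older than a chosen minimum. The function name, the sample tree (constructed from the one in the issue, in Maven's native three-character indentation) and the use of 20230227 as the minimum acceptable version are assumptions.

```python
import re

# Constructed sample: the tree quoted in the issue, as mvn prints it (one node per line).
SAMPLE_TREE = r"""
[INFO] +- com.ibm.mq:mq-jms-spring-boot-starter:jar:3.0.6:runtime
[INFO] |  +- com.ibm.mq:com.ibm.mq.jakarta.client:jar:9.3.2.0:runtime
[INFO] |  |  +- org.bouncycastle:bcprov-jdk15to18:jar:1.72:runtime
[INFO] |  |  +- jakarta.jms:jakarta.jms-api:jar:3.1.0:runtime
[INFO] |  |  \- org.json:json:jar:20220924:runtime
"""

# Tree node: "[INFO] ", zero or more 3-char indent groups, then "+- " or "\- ".
NODE = re.compile(r"^\[INFO\] (?P<indent>[| ]*)[+\\]- (?P<coords>\S+)")

# Assumption: the version named in the reply above is the minimum we accept.
MIN_JSON = 20230227


def find_old_json(tree_text, minimum=MIN_JSON):
    """Return [(version, [ancestor coords, outermost first])] for each
    org.json:json node whose date-style version is below `minimum`."""
    stack, findings = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # build banners, blank lines, the project root line
        depth = len(m.group("indent")) // 3
        coords = m.group("coords")
        # Keep only the ancestors of this node, then push the node itself.
        stack = stack[:depth] + [coords]
        parts = coords.split(":")
        # group:artifact:type[:classifier]:version:scope -> version is second to last
        group, artifact, version = parts[0], parts[1], parts[-2]
        if (group, artifact) == ("org.json", "json") and version.isdigit():
            if int(version) < minimum:
                findings.append((version, stack[:-1]))
    return findings


if __name__ == "__main__":
    for version, chain in find_old_json(SAMPLE_TREE):
        print(f"org.json:json {version} pulled in via:")
        for hop in chain:
            print(f"  {hop}")
```

Run against the full tree of a build, the reported chain shows which direct dependency has to be upgraded to move the transitive `json` jar.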