it-at-m / refarch

Collection of different ready to use reference architecture (RefArch) components developed by it@M.
https://opensource.muenchen.de/in-house-development.html
MIT License

[Bug] Security vulnerability in Spring security using Spring Boot 3.3.3 #161

Closed hupling closed 3 weeks ago

hupling commented 4 weeks ago

Bug description

https://artifacthub.io/packages/helm/it-at-m/refarch-gateway?modal=security-report

The security report from Artifact Hub says that you need to update Spring Boot Security.

Why don't you add the version number to your pom? https://github.com/it-at-m/refarch/blob/22ffdb7712acb9ec6a80e70905e90b5b5ec2ee36/refarch-gateway/pom.xml#L133

Expected behaviour

-

Steps for reproduction

-

Affected version

-

Affected component

No response

Last working version (optional)

No response

Operating system

No response

Browser

No response

Relevant log output (optional)

No response

Screenshots (optional)

No response

Additional context (optional)

No response

No duplicate

Code of Conduct

welcome[bot] commented 4 weeks ago

Greetings from Munich! 🥨 Thank you very much for participating in our project by opening this issue! ❤ We will take a look at your issue as soon as possible! 👀

devtobi commented 4 weeks ago

@hupling The version number for Spring-related dependencies is directly inherited via the dependencyManagement mechanism of the Spring parent POM. That's why we don't version our dependencies manually. Bumping to a new Spring Boot release is probably the better idea here. However, it seems like currently no new Spring Boot release is available ATM. Will probably be fixed with the upcoming Spring 3.4 release. Anyway, thanks for posting this issue. Will set this to blocked for now.
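How the inherited versioning described in the comment above works, as an added pom.xml illustration (not the refarch project's own pom; the artifact coordinates, the placeholder version and the commented-out override are assumptions):

```xml
<!-- Added illustration, not the refarch project's own pom.xml. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>

  <!-- Inheriting from the Spring Boot parent pulls in its dependencyManagement
       section, which pins every Spring artifact (including Spring Security)
       to the versions tested with this Boot release. -->
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>3.3.3</version>  <!-- Boot version named in the issue title -->
    <relativePath/>
  </parent>

  <!-- Assumed coordinates for this illustration. -->
  <groupId>example.placeholder</groupId>
  <artifactId>gateway-example</artifactId>
  <version>0.0.1-SNAPSHOT</version>

  <properties>
    <!-- Escape hatch the maintainers chose not to use: the parent exposes its
         managed versions as properties, so overriding spring-security.version
         here would pin a patched Spring Security release ahead of the next
         Spring Boot release, at the cost of leaving the Boot-tested
         combination. X.Y.Z is a placeholder, not a real version. -->
    <!-- <spring-security.version>X.Y.Z</spring-security.version> -->
  </properties>

  <dependencies>
    <!-- No <version> element: resolved from the parent's dependencyManagement. -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
  </dependencies>
</project>
```

To see which Spring Security version a build actually resolves from the parent, `mvn dependency:tree -Dincludes=org.springframework.security` prints the managed version without editing the POM.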

hupling commented 4 weeks ago

ok

devtobi commented 3 weeks ago

With the newly built image of the Gateway 1.1.2 it seems like the vulnerabilities for the Java-based code are gone now (see https://artifacthub.io/packages/helm/it-at-m/refarch-gateway?modal=security-report). Only vulnerabilities in the base Red Hat image remain, but these are out of the scope of this issue. Closing issue.