There is a vulnerability in Spring Framework 5.3.18,upgrade recommended

microsoft / botbuilder-java

The Microsoft Bot Framework provides what you need to build and connect intelligent bots that interact naturally wherever your users are talking, from text/sms to Skype, Slack, Office 365 mail and other popular services.

http://botframework.com

MIT License

178 stars 115 forks source link

There is a vulnerability in Spring Framework 5.3.18,upgrade recommended #1489

Closed QiAnXinCodeSafe closed 1 year ago

QiAnXinCodeSafe commented 1 year ago

https://github.com/microsoft/botbuilder-java/blob/fd8ceb672fc1da2488711210cbbfd62b39b54919/libraries/bot-integration-spring/pom.xml#L72-L76

CVE-2022-22968 CVE-2022-22971 CVE-2022-22970

Recommended upgrade version：5.3.20

axelsrz commented 1 year ago

@tracyboehrer could you take a look/assing this?