OlgaMaciaszek
commented
5 months ago Hello @MelleD, we only provide fileupload to avoid transitive vulnerability from feign-form as they have not released an upgrade. Please report it there.
Closed MelleD closed 5 months ago
OlgaMaciaszek
commented
5 months ago Hello @MelleD, we only provide fileupload to avoid transitive vulnerability from feign-form as they have not released an upgrade. Please report it there.
MelleD
commented
5 months ago Hello @OlgaMaciaszek, looks like you need a new or own project from feign-form. The last change is 5 years ago in this project and the only use case is here:
https://github.com/OpenFeign/feign-form/blob/master/feign-form-spring/src/main/java/feign/form/spring/converter/SpringManyMultipartFilesReader.java#L33
Off course I can also exclude the feign-form, but in future it see that you should remove this dead project.
OlgaMaciaszek
commented
5 months ago I understand, however the entire Spring Cloud OpenFeign project is now in maintenance mode only. We fix bugs and stay on top of vulnerabilities, but not much more. We suggest migrating over to Spring Interface Clients moving forward. The feign-form project is independently maintained.
MelleD
commented
5 months ago I understand, however the entire Spring Cloud OpenFeign project is now in maintenance mode only.
Oh ok good to know, is there a public announcement?
We suggest migrating over to Spring Interface Clients moving forward. The feign-form project is independently maintained.
Do you mean this one? https://docs.spring.io/spring-framework/reference/web/webflux-http-interface-client.html and https://www.baeldung.com/spring-5-webclient
OlgaMaciaszek
commented
5 months ago @MelleD announced here. I mean this: https://docs.spring.io/spring-framework/reference/integration/rest-clients.html#rest-http-interface
MelleD
commented
4 months ago @OlgaMaciaszek thanks a lot
Is your feature request related to a problem? Please describe. Outdated and old dependencies from fileupload make some issues with other libs.
Describe the solution you'd like The Artifact Id and version of FileUpload will change. In this version many transitive dependency versions are raised. It would be great if spring feign cloud include the new FileUpload 2 version directly.
See https://github.com/apache/commons-fileupload/blob/master/pom.xml#L27
<artifactId>commons-fileupload2</artifactId>If something is breaking the M2 could be used for a small test https://central.sonatype.com/artifact/org.apache.commons/commons-fileupload2