spring-cloud / spring-cloud-release

Spring Cloud Release Train - dependency management across a wide range of Spring Cloud projects.
http://projects.spring.io/spring-cloud
Apache License 2.0

Will there be a 2021.0.x release with spring-cloud-function:3.2.3? #239

Closed elefeint closed 2 years ago

elefeint commented 2 years ago

spring-cloud-function:3.2.3 addresses CVE-2022-22963. The latest Spring Cloud train release, 2021.0.1, was using spring-cloud-function:3.2.2.

Will there be a release of Spring Cloud 2021.0.x train that pulls in the fixed version of Function, or should we be overriding the Spring Cloud Function version manually in Spring Cloud GCP?

spencergibb commented 2 years ago

See https://github.com/spring-cloud/spring-cloud-release/milestones?direction=asc&sort=due_date&state=open

2021.0.2 will be released on April 19, 2022. GCP and users can override the version in the meantime.
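One way to apply the interim override mentioned above in a Maven build that imports the release-train BOM. This is an added example, not part of the thread or the project's own build files; it assumes the project manages versions through `spring-cloud-dependencies` and that importing the `spring-cloud-function-dependencies` BOM is an acceptable way to pin the fixed version.

```xml
<!-- pom.xml fragment (constructed example) -->
<dependencyManagement>
  <dependencies>
    <!-- Listed first on purpose: when two imported BOMs manage the same
         artifact, Maven keeps the version from the first one declared. -->
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-function-dependencies</artifactId>
      <version>3.2.3</version> <!-- version the issue names as addressing CVE-2022-22963 -->
      <type>pom</type>
      <scope>import</scope>
    </dependency>

    <!-- Release train 2021.0.1, which on its own manages spring-cloud-function 3.2.2 -->
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-dependencies</artifactId>
      <version>2021.0.1</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>
```

Running `mvn dependency:tree -Dincludes='org.springframework.cloud:spring-cloud-function*'` shows which version is actually resolved, including transitive pulls. The extra import can be dropped once the build moves to a train release that manages the fixed version itself.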

jinsenianhua-ai commented 2 years ago

Why does mvnrepository not have version 2021.0.2, and when can we use version 2021.0.2? https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-dependencies

spencergibb commented 2 years ago

We had to delay the release. BTW, mvnrepository is an index and will have delays.

jinsenianhua-ai commented 2 years ago

We use the Spring Cloud train release 2021.0.1. Can we use spring-cloud-function:3.1.7 to fix this vulnerability (CVE-2022-22963)?