spring-cloud / spring-cloud-release

Spring Cloud Release Train - dependency management across a wide range of Spring Cloud projects.
http://projects.spring.io/spring-cloud
Apache License 2.0

What should we do about the vulnerability of Spring Cloud Function (CVE-2022-22963)? #241

Closed jinsenianhua-ai closed 2 years ago

jinsenianhua-ai commented 2 years ago

We used Spring Cloud Hoxton SR12. Regarding the vulnerability of Spring Cloud Function (CVE-2022-22963): the vulnerability has been updated and repaired. Do we need to upgrade Spring Cloud Function to 3.1.7? Or do we have to upgrade Spring Cloud to 2021.0.2?

spencergibb commented 2 years ago

You need to update to the latest version.

jinsenianhua-ai commented 2 years ago

Spring Cloud Function 3.1.7 or Spring Cloud 2021.0.2?

spencergibb commented 2 years ago

Spring Cloud Function 3.1.7. See https://github.com/spring-cloud/spring-cloud-release/milestones?direction=asc&sort=due_date&state=open for upcoming releases.

jinsenianhua-ai commented 2 years ago

Thank you very much! We also used Spring Cloud 2020.0.4; do we also upgrade Spring Cloud Function to 3.2.3?