spring-gradle-plugins / dependency-management-plugin

A Gradle plugin that provides Maven-like dependency management functionality

Cover Jackson vulnerability in a new version #318

Closed cyber-barrista closed 2 years ago

cyber-barrista commented 2 years ago

Hi there! Any plan on including Spring Boot 2.5.0 into the next version? It fixes a rather important Jackson issue (see https://github.com/spring-projects/spring-boot/issues/29569 for example).

wilkinsona commented 2 years ago

Sorry, I don't understand what you're suggesting. The dependency management plugin does not depend upon Spring Boot or Jackson. Can you please clarify?

cyber-barrista commented 2 years ago

Sorry for the ambiguous articulation. The latest version of the plugin sets Spring Boot version to 2.4.3 by default. This one is vulnerable because of the Jackson issue (see above). The question/suggestion is about bumping the default Spring Boot up to 2.5.* within the next plugin release.

wilkinsona commented 2 years ago

This plugin doesn't know anything about Spring Boot or its versions. Spring Boot uses this plugin for dependency management, with Spring Boot instructing this plugin to import the spring-boot-dependencies bom. The version of the bom that is imported is controlled by the version of the Spring Boot plugin that you have applied.
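To make the mechanism described above concrete, here is an added example of a Gradle build script; it is not code from the thread or from either project. It shows that the Spring Boot plugin version is what selects the imported spring-boot-dependencies BOM (and therefore the Jackson version), adds a small audit task that prints the resolved Jackson artifacts so the effect of a plugin bump can be verified, and shows the BOM property override as an escape hatch. The dependency-management plugin version and the `jackson-bom.version` property name are assumptions, since neither appears in the thread.

```groovy
plugins {
    // The Boot plugin version decides which spring-boot-dependencies BOM is
    // imported; bumping it from 2.4.3 to 2.5.0 is what moves the managed
    // Jackson version. The dependency-management plugin itself carries no
    // Spring Boot or Jackson versions.
    id 'org.springframework.boot' version '2.5.0'
    // Assumption: a dependency-management plugin version current at the time.
    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
    id 'java'
}

repositories {
    mavenCentral()
}

// Escape hatch if you cannot move to a newer Boot release yet: override the
// BOM's version property so the managed Jackson version changes on its own.
// Assumption: 'jackson-bom.version' is the property spring-boot-dependencies
// uses for the Jackson BOM. Replace the placeholder with a real version.
// ext['jackson-bom.version'] = '<patched-jackson-version>'

dependencies {
    // Versions are intentionally omitted: they come from the imported BOM.
    implementation 'org.springframework.boot:spring-boot-starter-web'
}

// Audit task: list the Jackson artifacts actually resolved on the runtime
// classpath, so a plugin or property change can be checked rather than assumed.
tasks.register('jacksonVersions') {
    doLast {
        configurations.runtimeClasspath.resolvedConfiguration.resolvedArtifacts
            .findAll { it.moduleVersion.id.group.startsWith('com.fasterxml.jackson') }
            .collect { "${it.moduleVersion.id.group}:${it.moduleVersion.id.name}:${it.moduleVersion.id.version}" }
            .unique()
            .sort()
            .each { println it }
    }
}
```

Run `./gradlew jacksonVersions` before and after changing the Boot plugin version to confirm the managed Jackson version moved; `./gradlew dependencyInsight --dependency jackson-databind --configuration runtimeClasspath` shows where the selected version came from (the BOM import versus a direct declaration or an override).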