artembilan
commented
5 months ago We have plans to release a new version of library this Friday. That’s where those dependencies are going to be update.
Thank you for the report!
Closed jesperronn closed 5 months ago
artembilan
commented
5 months ago We have plans to release a new version of library this Friday. That’s where those dependencies are going to be update.
Thank you for the report!
snicoll
commented
5 months ago There’s no need for us to release anything for you to get the fix in spring-core.
spring retry does not need a particular bug fix version of spring core and you should manage the framework version with the bom if you’re not using spring boot.
snicoll
commented
5 months ago I am closing this in favor of #435 as I don't want to imply that the upgrade is necessary for what's described here.
Hi there
https://mvnrepository.com/artifact/org.springframework.retry/spring-retry/2.0.5 reports that spring-core dependency has one vulnerability.
2 questions:
would it be possible for you to prepare a new release that updates the dependency? (seems like Dependabot is not configured correct to catch that)
Are you aware of a workaround that can be used until a new release is ready. If so, please provide an example.
Thanks for your time and effort maintaining this project ❤️