Multiple CVE reports published for the Spring Framework


Mail Sender

May 5, 2018, 5:04:22 AM
to YesCart - pure eCommerce, platform with open source
You might consider upgrading the Spring version.


YC version of Spring: 4.3.11.RELEASE
Non-vulnerable version of Spring: 4.3.17

Yes Cart

May 7, 2018, 12:50:20 PM
to YesCart - pure eCommerce, platform with open source
Thank you for the info, we opened YC-903 to address this.

Regards,
YC team

Yes Cart

May 19, 2018, 6:00:47 AM
to YesCart - pure eCommerce, platform with open source
YC-903 has now been resolved and these updates will be part of the 3.5.0 release

Some other things that were upgraded during review:
hibernate.core 5.2.11.Final -> 5.2.17.Final
lucene 6.5.0 -> 6.6.3
cxf 3.2.0 -> 3.2.4
spring-security 4.2.3.RELEASE -> 4.2.6.RELEASE
spring 4.3.11.RELEASE -> 4.3.17.RELEASE
GeDA 3.1.0 -> 3.1.2
javassist 3.18.1-GA -> 3.22.0-GA
groovy-all 2.4.13 -> 2.4.15
spring-ws.version 2.4.0.RELEASE -> 2.4.2.RELEASE
logback.version 1.2.2 -> 1.2.3

Regards,
YC team