There is a vulnerability in Spring Framework 5.3.18,upgrade recommended

Open QiAnXinCodeSafe opened this issue 3 years ago • 1 comments

https://github.com/microsoft/botbuilder-java/blob/fd8ceb672fc1da2488711210cbbfd62b39b54919/libraries/bot-integration-spring/pom.xml#L72-L76

CVE-2022-22968 CVE-2022-22971 CVE-2022-22970

Recommended upgrade version：5.3.20

Aug 30 '22 09:08 QiAnXinCodeSafe

@tracyboehrer could you take a look/assing this?

Aug 30 '22 18:08 axelsrz