Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to Jersey 2.34 #27266

Closed
snicoll opened this issue Jul 12, 2021 · 2 comments
Closed

Upgrade to Jersey 2.34 #27266

snicoll opened this issue Jul 12, 2021 · 2 comments
Labels
type: dependency-upgrade A dependency upgrade
Milestone
2.6.0-M1

Comments

@snicoll
Copy link
Member

snicoll commented Jul 12, 2021

No description provided.

@snicoll snicoll added the type: dependency-upgrade A dependency upgrade label Jul 12, 2021
@snicoll snicoll added this to the 2.6.0-M1 milestone Jul 12, 2021
@peter-janssen
Copy link
Contributor

Can this be backported to 5.x? There is a security finding on 2.33 and prior, see CVE-2021-28168.

@snicoll
Copy link
Member Author

snicoll commented Aug 3, 2021

@peter-janssen no it can't. Our third party policy states that:

These libraries are upgraded only at the patch level for any given Spring Boot patch release.

You can use jersey.version to override it if needed or ask the Jersey team to backport the CVE fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: dependency-upgrade A dependency upgrade
Projects
None yet
Milestone
2.6.0-M1
Development

No branches or pull requests
2 participants
@snicoll @peter-janssen