Upgrade org.springframework:spring-web to version 6 on Jenkins Java 17 and Java 21


Hello there,

I am seeing that when running a security scan on Jenkins, CVE-2016-1000027 is being reported.

I can understand that on JENKINS-71766 it says that you cannot upgrade Spring until Jenkins supports Java 17.

Seeing as the recent blog post says that Jenkins now only supports Java 17 and Java 21, it should now be possible to upgrade Spring.

https://www.jenkins.io/blog/2024/06/11/require-java-17/

Will Spring Framework be upgraded to remove the CVE now that Jenkins runs on the supported version that has the fix?

Since this is a 9.8 CVE, we need an idea of when this can be fixed to pass our security scans.

Assignee: Unassigned
Reporter: Tom Lorentsen
Archiver: Jenkins Service Account
