Jenkins / JENKINS-73365

Upgrade org.springframework:spring-web to version 6 on Jenkins Java 17 and Java 21


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Critical
    • core
    • None
    • 2.464

      Hello there,

      When running a security scan on Jenkins, I see CVE-2016-1000027 being reported.

      I understand that JENKINS-71766 says that you cannot upgrade Spring until Jenkins supports Java 17.

      Seeing as the recent blog post says that Jenkins now only supports Java 17 and Java 21, it should now be possible to upgrade Spring.

      https://www.jenkins.io/blog/2024/06/11/require-java-17/

      Will Spring Framework be upgraded to remove the CVE now that Jenkins runs on the supported version that has the fix?

      Since this is a 9.8 CVE we need an idea of when this can be fixed to pass our security scans.

            Assignee: Unassigned
            Reporter: Tom Lorentsen (tomdevops)