Home > Net >  Vulnerabilities list in Spring boot 3.0.2
Vulnerabilities list in Spring boot 3.0.2

Time:01-24

I am planning to upgrade services from spring boot 2.2.6 to 3.0.2. I want to know if latest spring boot version has any new vulnerabilities and if all old vulnerabilities have been fixed in the spring boot latest version? Where can I get this information?
Note : I can see list of 57 vulnerabilities from maven repository in 2.2.6 version, but it did not list any vulnerabilities for 3.0.2 version. While spring might have fixed direct vulnerabilities, there can be few vulnerabilities which are coming from transitive dependency. Is there a way to find all vulnerabilities coming from direct and transitive dependencies ?

CodePudding user response:

The answer is not easy, because we don't know all your used (sub-)dependencies. And an answer can be outdate in a couple of hours/days/weeeks ...

But you can lookup the dependencies manually with the new MavenCentral-website.
An example: When you search for "Spring JPA", then you will find this site: Image of OSS-index at MavenCentral Image of pom.xml in IntelliJ with warning

Page link:https//www.codepudding.com/net/681399.html

Prev:Is it possible to adjust an array in PostgreSQL to fit with an IN operator?
Next:Using xpath gives empty output
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding