Details
Quality Risk
Resolution: Unresolved
Major
None
spring-boot-starter-3.4.0.Final
None
Description
Hello!
First of all, thank you for providing this amazing library and the effort you put into it.
Since the weekend, we have been getting some security warnings from the OWASP scanner in our builds for:
resteasy-spring-boot-starter-3.4.0.Final.jar: CVE-2020-1695
resteasy-jaxrs-3.11.2.Final.jar: CVE-2020-1695
It looks like version 3.4.0 of the starter itself has been marked as unsafe and it also sadly still pulls in the 3.11.2 versions of the resteasy libraries.
Since those security issues are ranked quite highly, will there be a release of a "3.4.1" version that pulls in the safe 3.12.0.Final resteasy libraries?
I absolutely thank you for your efforts in advance!