[CAM-11757] Update Spring dependency to Spring 5 in core engine - camunda JIRA

XML

Word

Printable

Details

Type: Task
Status: Closed
Priority: L3 - Default
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 7.14.0, 7.14.0-alpha3
Component/s: None
Labels:
None

Description

The core engine has a spring-beans dependency which is used for bootstrapping the engine via camunda.cfg.xml. It currently uses Spring 3, which is out of support for a long time already and has several known vulnerabilities. While the engine can be safely used with Spring 4 and Spring 5 already, by default we pull in an unsafe dependency which then e.g. shows up in vulenerability report tools.

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Issue Links

is related to

CAM-11422 Extract the managed Spring artifacts' version from the parent

Closed

Activity

People

Assignee:: Hariharan Parasuraman

Reporter:: Thorben Lindhauer

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09/Apr/20 9:04 AM

Updated:: 15/Jun/21 9:59 AM

Resolved:: 18/Aug/20 3:33 PM