You are viewing a plain text version of this content. The canonical link for it is here.
Posted to pluto-dev@portals.apache.org by "Neil Griffin (JIRA)" <ji...@apache.org> on 2019/04/04 15:56:00 UTC
[jira] [Comment Edited] (PLUTO-767) Upgrade the Spring Framework
from version 2.0.2 to 5.1.5.RELEASE
[ https://issues.apache.org/jira/browse/PLUTO-767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16809408#comment-16809408 ]
Neil Griffin edited comment on PLUTO-767 at 4/4/19 3:55 PM:
------------------------------------------------------------
Fixed in commits [99dd98a79d6209ac49eea7621228e728a633175b|https://github.com/apache/portals-pluto/commit/99dd98a79d6209ac49eea7621228e728a633175b] and [1a55af88718b3e750afad5ec96fc4e5e2853254a|https://github.com/apache/portals-pluto/commit/1a55af88718b3e750afad5ec96fc4e5e2853254a].
was (Author: ngriffin7a):
Fixed in commit [99dd98a79d6209ac49eea7621228e728a633175b|https://github.com/apache/portals-pluto/commit/99dd98a79d6209ac49eea7621228e728a633175b].
> Upgrade the Spring Framework from version 2.0.2 to 5.1.5.RELEASE
> ----------------------------------------------------------------
>
> Key: PLUTO-767
> URL: https://issues.apache.org/jira/browse/PLUTO-767
> Project: Pluto
> Issue Type: Task
> Components: portal driver, portlet container
> Reporter: Neil Griffin
> Assignee: Neil Griffin
> Priority: Major
> Fix For: 3.0.2
>
>
> This issue serves as a task for upgrading the Spring Framework from version 2.0.2 to 5.1.5.RELEASE (the latest version as of the time of this writing for the main org.springframework modules but also for the org.springframework.security groupId modules). This upgrade is necessary because version 2.0.x is no longer supported by Pivotal and also it contains the following known security vulnerabilities:
> - CVE-2016-5007
> - CVE-2015-3192
> - CVE-2018-1275
> - CVE-2018-1272
> - CVE-2018-1271
> - CVE-2018-1270
> - CVE-2018-1257
> - CVE-2016-9878
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)