kangkaisen created KYLIN-1893: --------------------------------- Summary: Upgrade spring-boot framework because of security vulnerabilities Key: KYLIN-1893 URL: https://issues.apache.org/jira/browse/KYLIN-1893 Project: Kylin Issue Type: Bug Components: REST Service Affects Versions: v1.5.2 Reporter: kangkaisen Assignee: Zhong,Jason Priority: Critical
The Spring Boot Framework has a expression of SPEL type injection common vulnerabilities, which affect versions is 1.1-1.3.0. we need upgrade to version 1.3.1 or later. https://www.chinacybersafety.com/tag/the-common-vulnerabilities-and-high-risk-vulnerabilities-early-warning-framework-spring-boot -- This message was sent by Atlassian JIRA (v6.3.4#6332)