[
https://issues.apache.org/jira/browse/PLUTO-767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16809408#comment-16809408
]
Neil Griffin edited comment on PLUTO-767 at 4/4/19 3:55 PM:
------------------------------------------------------------
Fixed in commits
[99dd98a79d6209ac49eea7621228e728a633175b|https://github.com/apache/portals-pluto/commit/99dd98a79d6209ac49eea7621228e728a633175b]
and
[1a55af88718b3e750afad5ec96fc4e5e2853254a|https://github.com/apache/portals-pluto/commit/1a55af88718b3e750afad5ec96fc4e5e2853254a].
was (Author: ngriffin7a):
Fixed in commit
[99dd98a79d6209ac49eea7621228e728a633175b|https://github.com/apache/portals-pluto/commit/99dd98a79d6209ac49eea7621228e728a633175b].
> Upgrade the Spring Framework from version 2.0.2 to 5.1.5.RELEASE
> ----------------------------------------------------------------
>
> Key: PLUTO-767
> URL: https://issues.apache.org/jira/browse/PLUTO-767
> Project: Pluto
> Issue Type: Task
> Components: portal driver, portlet container
> Reporter: Neil Griffin
> Assignee: Neil Griffin
> Priority: Major
> Fix For: 3.0.2
>
>
> This issue serves as a task for upgrading the Spring Framework from version
> 2.0.2 to 5.1.5.RELEASE (the latest version as of the time of this writing for
> the main org.springframework modules but also for the
> org.springframework.security groupId modules). This upgrade is necessary
> because version 2.0.x is no longer supported by Pivotal and also it contains
> the following known security vulnerabilities:
> - CVE-2016-5007
> - CVE-2015-3192
> - CVE-2018-1275
> - CVE-2018-1272
> - CVE-2018-1271
> - CVE-2018-1270
> - CVE-2018-1257
> - CVE-2016-9878
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
