Hi Doug, It requires ServiceMix Bundles for Spring 5.2.9.
I’m currently creating the Spring bundles (see https://issues.apache.org/jira/browse/SM-4529 <https://issues.apache.org/jira/browse/SM-4529>) and I will submit release to vote soon (probably during the week end). So, it’s not just changing the features XML, SMX bundles are needed first. And yes, Karaf 4.2.10 will have updated Spring versions. Regards JB > Le 23 sept. 2020 à 16:46, Jackson, Douglas <[email protected]> a > écrit : > > Hi! > There seems to be a security defect against the Spring Framework used by > karaf 4.2.9. In order to avoid it, we would need to upgrade to 5.2.9 of the > spring framework. > Would it be possible to replace the spring framework in karaf 4.2.9 with the > 5.2.9 version (i.e. modify the spring feature file to refer to the newer > version). > If not, are there plans to upgrade the spring version in karaf 4.2.10 by any > chance? > Thanks, > Doug
