pt., 3 kwi 2026 o 15:58 Angel <[email protected]> napisał(a): > > > If this is Hibernate 5.x it shouldn't be an issue. > > We found out that Hibernate 5.3 still gets security support as its latest > patch version 5.3.38 is rolled out this year and isn't affected by > CVE-2026-0603 so we are considering downgrading hibernate-core to this > specific version. > > Our only concern is that Struts lists hibernate-core 5.6.15 as its > dependency. Should we expect any issues by downgrading to 5.3?
Basically Struts doesn't use Hibernate, it's only usage is the case with detecting proxies to properly resolve members SecurityMemberAccess. This question is rather to you - if your app is ready to support a downgraded version. Cheers Łukasz --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
