  1. JIRA Components
  2. JIRA-91

The jira macro installs the vulnerable dependency spring-core 5.3.25


Details

    • Bug
    • Resolution: Unresolved
    • Blocker
    • None
    • 11.1.0
    • Dependency upgrade
    • None
    • Unknown

    Description

      spring-core 5.3.25 dependency is attached to a CVE. See https://spring.io/security/cve-2025-41249 for the CVE.

      No fixed version is available publicly for 5.3.45 (public versions stop at 5.3.39) and the first available public version which is fixed is 6.2.11. So it will probably require an upgrade of the jira REST API (which seems to be lagging pretty far behind, so it would not be a bad idea anyway).


            People

              Unassigned Unassigned
              tmortagne Thomas Mortagne