Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the annoying vulnerability Github report about spring-core #178

Closed
bbottema opened this issue Oct 27, 2018 · 1 comment
Closed

Fix the annoying vulnerability Github report about spring-core #178

bbottema opened this issue Oct 27, 2018 · 1 comment
Assignees
@bbottema
Labels
Priority-Low security
Milestone
5.0.8

Comments

@bbottema
Copy link
Owner

bbottema commented Oct 27, 2018
edited
Loading

So, Simple Java Mail doesn't actually do anything with Spring, except for playing nice with a range of versions by being able to translate Spring-read properties to Simple Java Mail configuration. It is also an optional dependency, so users don't have to use Spring at all.

As it is an optional dependency, it is not pulled in transitively by other projects. This in turn means other projects are free to use any version of Spring. The solution then is simple: simply upgrade the optional dependency version from 4.3.11.RELEASE to 4.3.18.RELEASE.
bbottema added a commit that referenced this issue Oct 27, 2018
@bbottema
#178: upgraded Spring 4.3.11.RELEASE -> 4.3.18.RELEASE (has no impact…
a19306f 
… on library users whatsoever)
@bbottema
Copy link
Owner Author

Released in 5.0.8.

@bbottema bbottema self-assigned this Oct 27, 2018
@bbottema bbottema added this to the 5.0.8 milestone Oct 27, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bbottema bbottema

Labels
Priority-Low security
Projects
None yet
Milestone
5.0.8
Development

No branches or pull requests
1 participant
@bbottema