Comment From: aritterath
This update gives me a warning with Dependency-Check plugin:
spring-security-core-5.3.3.RELEASE.jar
CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Is this maybe a false detection? Because the description is about Spring Framework 5.0.5 from 2018.
Comment From: wilkinsona
It certainly looks like a false detection to me.