Will there be a Spring Boot security upgrade (i.e. a 2.3.2 release) with undertow-2.1.1.Final due to the following disclosed CVEs?
- https://nvd.nist.gov/vuln/detail/CVE-2020-10705
- https://nvd.nist.gov/vuln/detail/CVE-2020-10719
I can see that it is indirectly addressed in the forthcoming 2.4.0 release: https://github.com/spring-projects/spring-boot/issues/21983
Is there any timeline when 2.4.0 is planned to be released?
Comment From: wilkinsona
We upgraded to Undertow 2.1.3.Final in 2.3.1: https://github.com/spring-projects/spring-boot/issues/21865.