Hi, there!

Yesterday our pipeline's ORCA reported the above-mentioned vulnerability on v5.3.31. I've noticed that v6.0.15 does not carry the same vuln. Would it be on your roadmap to fix this vuln in a future 5.x.x version? We are unable to upgrade the spring and spring-boot versions at this moment.

Thanks in advance.

Comment From: bclozel

Please report this problem to your security tool vendor. Our advisory states that 5.3.x is not vulnerable. See https://spring.io/security/cve-2024-22233/

Comment From: Ribeiro

> Please report this problem to your security tool vendor. Our advisory states that 5.3.x is not vulnerable. See https://spring.io/security/cve-2024-22233/

Thanks for your prompt reply. We'll reach out to the ORCA vendor.