Vulnerability

CVE-2020-10687 (https://nvd.nist.gov/vuln/detail/CVE-2020-10687) has been reported in Undertow versions below 2.2.0. spring-boot-starter-parent 2.3.4 is still using Undertow 2.1.4.

Dependency tree:

+- org.springframework.boot:spring-boot-starter-undertow:jar:2.3.4.RELEASE:compile
[INFO] | +- io.undertow:undertow-core:jar:2.1.4.Final:compile

Need to upgrade and release a new update

Comment From: snicoll

@shivacharan0551 please consider searching the issue tracker before opening an issue. We already upgraded in 2.4.x and already indicated in that issue why we won't upgrade to a new feature release in a maintenance release of Spring Boot.

Please reach out to the Undertow team to ask them to backport. Alternatively, you can upgrade as explained in the comment I've referenced.

Comment From: snicoll

Duplicate of #23367
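An added example, not part of the original thread or of Spring Boot: a small check that reads `mvn dependency:tree` output and lists `io.undertow` artifacts below 2.2.0, the threshold given in the issue. The `undertow-servlet` sample line and all function names are constructed for illustration, and the example assumes every `io.undertow` artifact is judged by that same threshold.

```python
import re
import sys

# Threshold taken from the issue text: versions below 2.2.0 are reported affected.
FIXED_VERSION = (2, 2, 0)

# Maven prints coordinates as groupId:artifactId:type[:classifier]:version:scope
COORD = re.compile(
    r"io\.undertow:(?P<artifact>[\w.-]+):(?P<type>[\w.-]+)"
    r"(?::(?P<classifier>[\w.-]+))?:(?P<version>[\w.-]+):(?P<scope>\w+)"
)

# First two lines mirror the tree quoted in the issue; the third is constructed.
SAMPLE_TREE = """\
[INFO] +- org.springframework.boot:spring-boot-starter-undertow:jar:2.3.4.RELEASE:compile
[INFO] |  +- io.undertow:undertow-core:jar:2.1.4.Final:compile
[INFO] |  +- io.undertow:undertow-servlet:jar:2.1.4.Final:compile
"""


def parse_version(version):
    """Return the leading numeric components, e.g. '2.1.4.Final' -> (2, 1, 4)."""
    parts = []
    for piece in version.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    # Pad so '2.2' compares as (2, 2, 0); a version with no numeric prefix
    # becomes (0, 0, 0) and is flagged for manual review.
    return tuple(parts + [0] * (3 - len(parts)))


def find_affected(tree_text):
    """Return (artifact, version) for each io.undertow entry below FIXED_VERSION."""
    findings = []
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if m and parse_version(m["version"]) < FIXED_VERSION:
            findings.append((m["artifact"], m["version"]))
    return findings


if __name__ == "__main__":
    # Use piped input (mvn dependency:tree | python check.py) or the sample.
    text = SAMPLE_TREE if sys.stdin.isatty() else sys.stdin.read()
    hits = find_affected(text)
    for artifact, version in hits:
        print(f"io.undertow:{artifact}:{version} is below 2.2.0")
    sys.exit(1 if hits else 0)
```

The non-zero exit status lets the check fail a CI step while an affected version is still on the classpath.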