as discussed with security@pivotal.com we both agree that this is not a vulnerability in spring boot and can be handled through a PR
Comment From: philwebb
Thanks for the pull-request. This version is only used in our own integration tests, but it's worth upgrading nonetheless.
Comment From: snicoll
I've moved this to a task as it's not user facing and shouldn't show up in the "dependency upgrades" section of the changelog.