Is your feature request related to a problem? Please describe.

In projects using the spring-cloud-starter-netflix-eureka-client I am facing multiple security vulnerabilities (e.g. woodstox, xstream) due to the transitive eureka-core required dependency.

Describe the solution you'd like

I do not see it being used in the client starter at all. It is also defined as optional in the spring-cloud-netflix-eureka-client module. Is this dependency in the starter really needed? Can't it be removed or marked as optional?

Describe alternatives you've considered

It is possible to exclude the dependency in the project POMs, but it is a rather hacky solution which only obfuscates the XML.

Comment From: StrawHat248

Same question as @PrzemyslawSwiderskim: are you guys planning on updating the spring-cloud-netflix-eureka-client module? Also, if you are planning to, which release? If you can tell me these details, that would be a great help.

Comment From: OlgaMaciaszek

Thanks @PrzemyslawSwiderski, @StrawHat248. Makes sense.