Is your feature request related to a problem? Please describe.
In projects using the spring-cloud-starter-netflix-eureka-client I am facing multiple security vulnerabilities (e.g. woodstox, xstream) due to transitive eureka-core required dependency.
Describe the solution you'd like
I do not see it being used in the client starter at all. It is also defined as an optional in spring-cloud-netflix-eureka-client module.
Is this dependency in starter really needed? Can't it be removed or marked as an optional?
Describe alternatives you've considered
It is possible to exclude the dependency in the project POMs, but it is a rather hacky solution which only obfuscates the XML.
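For anyone applying the exclusion workaround in the meantime, the following added example (not part of the issue and not Spring Cloud code) traces which path pulls each flagged artifact in from `mvn dependency:tree` output and checks whether excluding eureka-core removes every such path. The sample tree is constructed from the issue's description, its versions are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample of `mvn dependency:tree` output. Versions are placeholders
# and the layout is an assumption based on the issue text, not a real build.
SAMPLE_TREE = r"""
[INFO] com.example:demo-service:jar:0.0.0
[INFO] +- org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:jar:0.0.0:compile
[INFO] |  +- org.springframework.cloud:spring-cloud-netflix-eureka-client:jar:0.0.0:compile
[INFO] |  +- com.netflix.eureka:eureka-client:jar:0.0.0:compile
[INFO] |  \- com.netflix.eureka:eureka-core:jar:0.0.0:compile
[INFO] |     +- com.fasterxml.woodstox:woodstox-core:jar:0.0.0:compile
[INFO] |     \- com.thoughtworks.xstream:xstream:jar:0.0.0:compile
[INFO] \- org.springframework.boot:spring-boot-starter-web:jar:0.0.0:compile
"""

# Indent prefix ("|  " or "   " per level), optional branch marker, then group:artifact:
NODE = re.compile(r"^\[INFO\] ((?:[| ]  )*)([+\\]- )?([\w.\-]+):([\w.\-]+):")

def paths_to(tree_text, flagged):
    """Map each flagged artifactId to its chains of group:artifact coordinates,
    from the direct dependency down to the flagged artifact."""
    stack, found = [], {}
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # banner, summary or blank line
        prefix, marker, group, artifact = m.groups()
        depth = len(prefix) // 3 + 1 if marker else 0  # project root has no marker
        del stack[depth:]  # drop siblings and deeper nodes
        stack.append(f"{group}:{artifact}")
        if artifact in flagged and depth > 0:
            found.setdefault(artifact, []).append(stack[1:])
    return found

def remaining_after_exclusion(found, excluded):
    """Flagged artifacts that still have a path avoiding every excluded coordinate."""
    return sorted(a for a, chains in found.items()
                  if any(not set(c) & excluded for c in chains))

if __name__ == "__main__":
    hits = paths_to(SAMPLE_TREE, {"woodstox-core", "xstream"})
    for artifact, chains in hits.items():
        for chain in chains:
            print(artifact, "<-", " <- ".join(reversed(chain[:-1])))
    print("still present:", remaining_after_exclusion(hits, {"com.netflix.eureka:eureka-core"}))
```

The default tree lists each resolved artifact only once, so re-run `mvn dependency:tree` after adding the exclusion to confirm the flagged artifacts do not reappear under another parent.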
Comment From: StrawHat248
Same question as @PrzemyslawSwiderski, are you guys planning on updating the spring-cloud-netflix-eureka-client module?
Also, if you are planning, which release? If you can tell me these details, that would be a great help.
Comment From: OlgaMaciaszek
Thanks @PrzemyslawSwiderski, @StrawHat248. Makes sense.