Comment From: sourabhsparkala

Hello @bclozel,

It would be really appreciated if this Infinispan 11.0.11.Final version is updated in Spring Boot 2.3.x as well. Hence I opened PR #27077. Please let me know if there is anything I can do to make this happen.

Thanks, Sourabh

Comment From: bclozel

Hello @sourabhsparkala,

As outlined in #27077, we can't upgrade to a new major version of Infinispan in the 2.3.x generation. Infinispan 10.1.x depends on smallrye-config 1.3.6 right now. I'm not familiar with CVE-2020-1729 nor Infinispan support, so I don't know if it is possible to backport the security fix or get a 10.1.x version that is not vulnerable to CVE-2020-1729. Please reach out to the Infinispan team for that.

Note that the 2.3.x Spring Boot generation has reached End of Life for its OSS support, so upgrading to Spring Boot 2.4.x might be your best course of action here anyway.