Comment From: peter-janssen
Can this be backported to 5.x? There is a security finding on 2.33 and prior, see CVE-2021-28168.
Comment From: snicoll
@peter-janssen no it can't. Our third party policy states that:
These libraries are upgraded only at the patch level for any given Spring Boot patch release.
You can use jersey.version to override it if needed or ask the Jersey team to backport the CVE fix.