There is a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-22047) discovered in spring-data-rest-webmvc which is only fixed in versions 3.4.14 and 3.5.6. Spring Boot 2.3.12 uses the version 3.3.9. Migrating to spring boot 2.4.x or above is not an option for us.\ We would like to use spring-data-rest-webmvc:3.4.14, but we are not sure if it's compatible with spring boot 2.3.12.\ Can we use them together?

Comment From: snicoll

Spring Boot 2.3.x has reached its end of OSS support in May so an upgrade to a supported version is what you should be doing at this time.

Comment From: Sachpat

Spring Boot 2.3.x has reached its end of OSS support in May so an upgrade to a supported version is what you should be doing at this time.

@snicoll thanks for your reply. As there are some people who still use 23x and need some time to migrate to 24x and 25x, coming to the main question regarding compatibility, is spring-data-rest-webmvc:3.4.14 compatible with 23x of Spring Boot?

Comment From: philwebb

We haven't tested spring-data-rest-webmvc 3.4.x against Spring Boot 2.3.x so we can't guarantee compatibility. Having said that, the auto-configuration classes in that area haven't changed much so I suspect you may find the combination works. If it doesn't, you always have the ability to configure Spring Data REST directly rather than relying on Spring Boot's auto-configuration.