SpringBoot security vulnerabilities in latest 2.6.3 release

We are doing a security audit right now and have a problem with h2 and Postgres driver versions. They are vulnerable. I see that 2.6.4-SNAPSHOT have these dependencies upgraded, may I ask you when do you plan to release it?

I know that we can patch dependencies individually, but I don't want to double work.

https://security.snyk.io/vuln/SNYK-JAVA-ORGPOSTGRESQL-2390459 https://security.snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-2348247

Comment From: snicoll

@nikoncode The 2.6.4 milestone has a date set so you could figure this out by yourself. We're going to release 2.6.4 tomorrow.

Once again, there's no need to wait for a Spring Boot release to upgrade those, the reference documentation explains how to override a version.