Hello, we currently use Spring Boot Stack 2.6.8 with MongoDB integration. Please update the Spring Data Stack to 3.3.5+ as described by https://tanzu.vmware.com/security/cve-2022-22980

Many thanks and best regards,

G. Batalski

Comment From: bclozel

Duplicates #31349

Comment From: mbimbij

Naive question:

I know I can declare the spring-data-mongo dependency on its own, but is a spring-boot release with the upgraded dependency scheduled soon?

So that I could just ask devs to upgrade spring-boot to 2.7.1 or 2.6.9?

Thank you

Comment From: markbigler

You can find the milestones with their scheduled date here: https://github.com/spring-projects/spring-boot/milestones

Both 2.6.9 and 2.7.1 are scheduled for tomorrow.

Comment From: snicoll

@mbimbij Brian closed the issue with a reference to an issue that provides you that information.

Comment From: mbimbij

Yes indeed, I missed that milestone information going through the referenced issue "SpringBoot CVE-2022-22980 Update Spring Data Stack due to CVE in MongoDB integration".