The fix for CVE-2022-26336 comes in Apache POI version 5.2.1.

The org.apache.solr:solr-cell module brings in Apache POI.

Hence, I am posting a question to check whether updating Apache POI to 5.2.1 causes any regression in Spring Boot. Please let me know.

Comment From: bclozel

It seems you've already asked that to the Solr team, and their issue tracker is the right place for that. The Spring Boot team cannot guarantee dependency upgrades for a project that we're not involved with.