Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

spring-boot 2.7

Description

mod-ldp uses spring-boot 2.3.1 (org.springframework.boot:spring-boot-starter-parent:2.3.1.RELEASE).

This version has reached end of open source support on 2021-05-20 and end of commercial support on 2022-08-20: https://spring.io/projects/spring-boot/#support

Please upgrade to spring-boot 2.7.

This will fix many vulnerabilities, including

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Checklist

hide

TestRail: Results

Activity

Show:

Charlotte Whitt October 18, 2022 at 1:13 PM

Hi - I'll move this ticket into the current sprint - and you must give it top priority.

CC:

Charlotte Whitt October 18, 2022 at 1:11 PM

No, Julian mod-ldp is not to be removed from platform-complete for Nolana!
We will fix it.

Julian Ladisch October 18, 2022 at 12:09 PM

mod-ldp is a component of the platform-complete flower release:
https://github.com/folio-org/platform-complete/blob/master/install-extras.json

For Nolana the Spring Boot version must be 2.7.* unless it has shifted to folio-vertx-lib:
https://folio-org.atlassian.net/wiki/display/TC/Nolana

Will mod-ldp with folio-vertx-lib be available in time for Nolana, or should mod-ldp been removed from platform-complete for Nolana?

Charlotte Whitt October 18, 2022 at 11:03 AM

Hi - we are considering to shift to folio-vertx-lib. We will get back to you.

CC:

Julian Ladisch October 7, 2022 at 7:32 PM

, : When can we expect a fix for these vulnerabilities?

Done

Details

Assignee

Reporter

Labels

Priority

Sprint

Development Team

Thor

Fix versions

Release

Nolana (R3 2022) Bug Fix

RCA Group

Related dependency upgrade

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created August 24, 2022 at 6:51 PM
Updated July 13, 2023 at 2:49 PM
Resolved October 27, 2022 at 11:13 AM
Configure
TestRail: Cases
TestRail: Runs