camunda-zeebe-8.7
Chainguard
Status
Impact
The remediation attempt began by upgrading spring-webmvc to 6.2.10. While the build completed successfully, the application failed at startup due to incompatibility with the existing spring-boot version (3.3.11). A subsequent upgrade of spring-boot to 3.4.7 also failed at build time. This indicates an upstream dependency misalignment between Spring Boot and Spring WebMVC. Upstream must resolve these versioning inconsistencies before we can successfully upgrade and remediate the vulnerability.
Status