jenkins-2.479
Chainguard
Status
Impact
This vulnerability relates to 'spring-security', specifically the 'spring-security-core' dependency. Remediation requires upgrading to 6.3.5 or later. Attempts to upgrade this dependency (under bom/pom.xml upstream) have not been successful, resulting in build failures. Whilst Jenkins v2.479 is the supported LTS release at the time of writing, it is unlikely that upstream will address it in this release. See:
Status