Spring Web Services / SWS-1033

Ehcache - OWASP Dependency Check issues

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: 3.0.3
    • Fix Version/s: 2.4.3, 3.0.4
    • Component/s: Security
    • Labels:
      None

      Description

      We have recently updated to Spring Boot 2.0.4 (currently the latest version) and our automatic testing has detected a big increase in the issue count while checking dependencies (Jenkins Plugin for "OWASP Dependency Check").

      The main "troublemaker" seems to be the Ehcache library that is available as a dependency in the current version of the Spring WS-Security (3.0.3).

      Could you please have a look at the library, and give us a hint if it is secure to exclude it?

            People

            • Assignee:
              gregturn Greg Turnquist
              Reporter:
              joshis Petr Dvorak