Upgrading Spring Framework to fix RCE vulnerability on Camunda 7.13


I’m trying to upgrade Spring Framework to patched versions (5.3.18 or 5.2.20.RELEASE) from current version 4.3.23.RELEASE.

I’m using Camunda 7.13.0 and Java 8.

I am having various dependency issues when updating to 5.3.18 or 5.2.20 in pom.xml.

Are there compatible sets of configuration properties that work with Camunda 7.13.0 when switching to the patched Spring Framework versions?

The Spring configuration is manually set and is flexible enough to add any dependencies that Spring 5.3.18 or 5.2.20.RELEASE could need.

Thank you

@voxparcxls You can check the compatible versions from this matrix.

Hi @aravindhrs, thanks for the response.

However, I was looking more for info about Camunda and Spring Framework dependencies.

Something like this:

– shows the Maven dependencies with Camunda and Spring Framework.

This shows Camunda 7.17 with Spring 5.3.18.

I wanted to verify if Camunda 7.13 also works with Spring 5.3.18.