Upgrading Spring Framework to fix RCE vulnerability on Camunda 7.13

voxparcxls · April 14, 2022, 12:43am

Hello,

I’m trying to upgrade Spring Framework to patched versions (5.3.18 or 5.2.20.RELEASE) from current version 4.3.23.RELEASE.

I’m using Camunda 7.13.0 and Java 8.

I am having various dependency issues when updating to 5.3.18 or 5.2.20 on pom.xml

Are there compatible sets of configuration properties that work with Camunda 7.13.0 when switching to the patched Spring Framework versions?

The spring configuration is manually set and is flexible to adding dependencies Spring 5.3.18 or 5.2.20.RELEASE could need.

Thank you

aravindhrs · April 14, 2022, 5:08am

@voxparcxls You can check the compatible versions from this matrix.

voxparcxls · April 14, 2022, 5:44am

Hi @aravindhrs thanks for the response.

However, i was looking more so info about Camunda and Spring Framework dependencies

Something like this:

– shows the maven dependencies with camunda and spring framework.

This shows Camunda 7.17 with Spring 5.3.18

I wanted to verify if Camunda 7.13 also works with Spring 5.3.18

system · January 31, 2024, 10:12am