Hello! A transitive dependency issue has been found in Confluence Analytics:
https://atlassian.sourceclear.io/workspaces/Paaina7/issues/vulnerabilities/26465610
Confluence Analytics has a transitive dependency on the Spring Web MVC library, which has a security bug.
The issue can be fixed by overriding and adding a new direct dependency of the library in your project.
We do not have a confirmed fix for this issue yet. However, newer versions of the library have been released. We suggest that you upgrade to 4.3.20.RELEASE, which is considered safe.
To upgrade, update the pom.xml
file:
{code:java}
CPE | Name | Operator | Version |
---|---|---|---|
confluence server | lt | 7.5.0 | |
confluence server | le | 7.3.4 |