Springboot 3 and Spring Security Upgrade
Because of our current Spring version, some automatic scans are flagging the GCZ for a potential vulnerability. While we have already demonstrated why the GCZ is not susceptible to the vulnerability, and this has been acknowledged by OSDU, the flag will continue to appear ahead of Milestone releases (requiring dismissal) until we have updated Spring to 6.0.0 or higher, which corresponds to Spring 3.x, whereas we are currently on Spring 2.x.
In light of this, we should investigate and scope out the LOE for a Spring upgrade, or discover other solutions.
Edited by Levi Remington