You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
In projects using the spring-cloud-starter-netflix-eureka-client I am facing multiple security vulnerabilities (e.g.woodstox,xstream) due to transitive eureka-core required dependency.
Describe the solution you'd like
I do not see it being used in the client starter at all. It is also defined as an optional in spring-cloud-netflix-eureka-client module.
Is this dependency in starter really needed? Can't it be removed or marked as an optional?
Describe alternatives you've considered
It is possible to exclude the dependency in the project POMs but it is rather hacky solution which only obfuscates the XML.
The text was updated successfully, but these errors were encountered:
Same question as @PrzemyslawSwiderskim, are you guys planning on updating the spring-cloud-netflix-eureka-client module ?
Also if you are planning which release ? If you can tell me these details that would be great help.
Is your feature request related to a problem? Please describe.
In projects using the
spring-cloud-starter-netflix-eureka-client
I am facing multiple security vulnerabilities (e.g.woodstox
,xstream
) due to transitiveeureka-core
required dependency.Describe the solution you'd like
I do not see it being used in the client starter at all. It is also defined as an optional in
spring-cloud-netflix-eureka-client
module.Is this dependency in starter really needed? Can't it be removed or marked as an optional?
Describe alternatives you've considered
It is possible to exclude the dependency in the project POMs but it is rather hacky solution which only obfuscates the XML.
The text was updated successfully, but these errors were encountered: