Security issues in transitive dependency of jettison-1.51 (SPRING-CLOUD-DATAFLOW 2.10.2)

[obaSAP]

Hello,

We've found the following security issue in the transitive dependency of jettison 1.5.1 in version 2.10.2:
Would appreciate your kind assistance with fixing the issue.
https://www.mend.io/vulnerability-database/CVE-2023-1436
Thanks & BR,
Omri.

[onobc]

SCDF manually specifies 1.5.1 - we will update code to 1.5.2

[onobc]

By the time of the release Jettison 1.5.2 already has CVE. Same for jettison 1.5.3. We are going to use 1.5.4 which does not have CVE (yet).