Announcing atlassian-connect-spring-boot 2.0.6

Hi,

version 2.0.6 of atlassian-connect-spring-boot is now available via Maven Central. This release includes the fix for a security issue introduced in the upgrade to Spring Boot 2.0. This extract from the project changelog summaries the recent incremental releases.

2.0.6 - 2020-05-04

2.0.5 - 2020-04-08

  • ACSPRING-107 Enable configuring paths that require JWT authentication

2.0.4 - 2020-03-02

2.0.3 - 2019-12-17

  • ACSPRING-101 Error installing app with Jackson configured to reject additional properties
  • ACSPRING-102 Set Referrer-Policy response header by default

2.0.2 - 2019-11-22

2.0.1 - 2019-08-30

  • ACSPRING-97 Load all.js from CDN instead of from host product
3 Likes

Awesome! https://snyk.io/vuln/SNYK-JS-LODASH-567746 got identified last week, will there be an ACE upgrade related to this as well?

@boris that is rather off-topic :slight_smile:

But both Snyk and the vulnerability scanning tool that Atlassian uses show that the vulnerability you mention has not yet been fixed in the latest version of lodash.

1 Like

Thanks for posting this here @epehrson! :slight_smile: