We have just released Atlassian Connect Spring Boot versions 4.0.6 and 3.0.10
These are maintenance releases to update some of the project dependencies. These changes are to address recently disclosed vulnerabilities in the tomcat-embed-core component, introduced through Spring Boot.
Please also recall the upcoming end-of-life of Spring Boot 2 as noted in Atlassian developer changelog
From November 18, 2023 there will be no further Spring Boot 2 based releases.
We are getting prepared for this migration, but I’m asking to avoid misunderstanding.
By saying end-of-life, you mean the end of Atlassian support for atlassian-connect-spring-boot 3.x right?
Will Spring Boot 2 and ACSB 3.x based apps, still be allowed to be listed and released in Atlassian App Marketplace after November 18, 2023?
we would like to be sure: Apps using ACSB 3.x will still work after November 18?
@AliUstun @PeterAppsvio I’m referring to our release of ACSB in this announcement. We’re lining up the EOL of this version of ACSB with the EOL announced for Spring Boot 2.x
We’d highly recommend transitioning to supported versions of the underlying frameworks used by your app but there is no planned prohibition on apps at the EOL date.
However, it’s important to note that according to Atlassian’s cloud app security requirements, apps must not use versions of dependencies with known critical/high severity issues.