I am running a spring boot application on spring webflux. Works well but I'd want to update the Reactor Netty HTTP Server to fix this issue https://spring.io/security/cve-2023-34062
I am trying to update the reactor netty on the maven pom file but still does not pass the pipeline security check.
Maven POM File
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>io.projectreactor.netty</groupId>
<artifactId>reactor-netty</artifactId>
<version>1.1.13</version>
</dependency>
<dependencies>
What am I missing? My pipeline still says am running the Reactor Netty library 1.1.12.
I fixed this, was as simple as upgrading my spring boot version.
Was on version
<spring.boot-version>3.1.5</spring.boot-version>
Upgraded to
<spring.boot-version>3.1.6</spring.boot-version>
and the issue was fixed.