File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 8080 </suppress >
8181 <suppress >
8282 <notes ><![CDATA[
83- According to https://spring.io/security/cve-2026-22745 this issue only affects serving of static resources via spring-web/webflux
84- on Windows platforms. GoCD does not server static assets from the filesystem via Spring Web resource handler mechanisms (it uses
85- Jetty for static assets alongside custom handlers for artifact downloading.
83+ According to https://spring.io/security/cve-2026-22740 this only affects webflux applications, which GoCD is not.
8684 ]]> </notes >
8785 <packageUrl regex =" true" >^pkg:maven/org\.springframework/spring-.*@4\.3.*$</packageUrl >
86+ <cve >CVE-2026-22740</cve >
87+ </suppress >
88+ <suppress >
89+ <notes ><![CDATA[
90+ According to https://spring.io/security/cve-2026-22741 and https://spring.io/security/cve-2026-22745 these issues
91+ only affects serving of static resources via spring-web/webflux. GoCD does not server static assets from the
92+ filesystem via Spring Web resource handler mechanisms (it uses Jetty for static assets alongside custom handlers for
93+ artifact downloading.
94+ ]]> </notes >
95+ <packageUrl regex =" true" >^pkg:maven/org\.springframework/spring-.*@4\.3.*$</packageUrl >
96+ <cve >CVE-2026-22741</cve >
8897 <cve >CVE-2026-22745</cve >
8998 </suppress >
9099 <suppress >
You can’t perform that action at this time.
0 commit comments