Some automated scans have flagged Geode Pulse as potentially containing “high" security vulnerability CVE-2020-5407.
Analysis shows that this saml vulnerability is not applicable to Geode Pulse. It is low risk to bump the spring-security dependency to the latest version to avoid false positives in automated scans. This change is already on develop and all tests have passed. It would be nice to include this in 1.13. -Owen
