+1
> On May 21, 2020, at 8:51 AM, Owen Nichols <onich...@pivotal.io> wrote:
>
> Some automated scans have flagged Geode Pulse as potentially containing
> “high" security vulnerability CVE-2020-5407.
>
> Analysis shows that this saml vulnerability is not applicable to Geode Pulse.
>
> It is low risk to bump the spring-security dependency to the latest version
> to avoid false positives in automated scans. This change is already on
> develop and all tests have passed. It would be nice to include this in 1.13.
>
> -Owen
