Critical Vulnerabilities in Spring components picked up by Trivy scan #2410

@Nic-Ed

Expected behavior

No vulnerabilities (especially high or critical severity ones) should be found on a Trivy scan

Actual behavior

Critical vulnerabilities are detected in Spring framework and other components. I'm aware of the closed issue here: #2298 and the fact the vulnerability only applies with JDK9+. This isn't really a satisfactory solution for us. Can you advise if there has been or will be a fix for this issue so that there are no critical or high severity vulnerabilities detected after scanning WebAPI installed from the latest release?
