
Can someone let me know if spring-cloud-starter-aws-messaging version 2.2.6 is affected by CVE-2022-31159 due to the dependency on aws-java-sdk-s3 version 1.11.792?

Dependency tree

+- org.springframework.cloud:spring-cloud-starter-aws-messaging:jar:2.2.6.RELEASE:compile
[INFO] |  +- org.springframework.cloud:spring-cloud-starter-aws:jar:2.2.6.RELEASE:compile
[INFO] |  |  +- org.springframework.cloud:spring-cloud-aws-context:jar:2.2.6.RELEASE:compile
[INFO] |  |  |  \- org.springframework.cloud:spring-cloud-aws-core:jar:2.2.6.RELEASE:compile
[INFO] |  |  |     +- com.amazonaws:aws-java-sdk-s3:jar:1.11.792:compile
[INFO] |  |  |     |  \- com.amazonaws:aws-java-sdk-kms:jar:1.11.792:compile

2.2.6 is the latest version of spring-cloud-starter-aws-messaging. Is there any plan to bump up the version of aws-java-sdk-s3 to at least 1.12.261 in spring-cloud-starter-aws-messaging so that CVE tracker tools do not flag this artifact?

Is spring-cloud-starter-aws-messaging version 2.2.6 compatible with aws-java-sdk-s3 version 1.12.261, so that I can upgrade the version of aws-java-sdk-s3 in my pom?

tuk
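
A version check of the kind the question describes, as an added example that is not part of the original post: it parses `mvn dependency:tree` output (the question's own lines, embedded as constructed sample input) and reports any aws-java-sdk-s3 below the 1.12.261 named in the question, together with the chain that pulls it in. The function name `find_flagged` is hypothetical, and a version match shows only what a scanner would report, not whether the affected code is reached.

```python
import re

# Threshold taken from the question: aws-java-sdk-s3 below 1.12.261 is what
# CVE tracker tools flag for CVE-2022-31159.
GROUP, ARTIFACT, FIXED = "com.amazonaws", "aws-java-sdk-s3", (1, 12, 261)

# Constructed sample input: the tree lines quoted in the question.
SAMPLE_TREE = r"""
+- org.springframework.cloud:spring-cloud-starter-aws-messaging:jar:2.2.6.RELEASE:compile
[INFO] |  +- org.springframework.cloud:spring-cloud-starter-aws:jar:2.2.6.RELEASE:compile
[INFO] |  |  +- org.springframework.cloud:spring-cloud-aws-context:jar:2.2.6.RELEASE:compile
[INFO] |  |  |  \- org.springframework.cloud:spring-cloud-aws-core:jar:2.2.6.RELEASE:compile
[INFO] |  |  |     +- com.amazonaws:aws-java-sdk-s3:jar:1.11.792:compile
[INFO] |  |  |     |  \- com.amazonaws:aws-java-sdk-kms:jar:1.11.792:compile
"""

# Optional "[INFO] " prefix, then tree-drawing characters, then coordinates.
NODE = re.compile(r"^(?:\[INFO\] )?([|\\+\- ]*)(\S+)$")


def find_flagged(tree_text):
    """Return each below-threshold S3 SDK node with the chain that pulls it in."""
    stack, hits = [], []               # stack holds (depth, "artifact:version")
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m or m.group(2).count(":") < 4:
            continue                   # not group:artifact:type:version:scope
        depth = len(m.group(1)) // 3   # each tree level is 3 columns wide
        parts = m.group(2).split(":")
        version = parts[-2]            # version precedes scope, classifier or not
        while stack and stack[-1][0] >= depth:
            stack.pop()                # leave siblings and deeper branches
        stack.append((depth, f"{parts[1]}:{version}"))
        if (parts[0], parts[1]) == (GROUP, ARTIFACT):
            numeric = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
            if numeric < FIXED:
                hits.append({"version": version,
                             "path": [name for _, name in stack]})
    return hits


if __name__ == "__main__":
    for hit in find_flagged(SAMPLE_TREE):
        print(" -> ".join(hit["path"]))
```
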

0 Answers