Upon running a security scan, our service was detected with a high vulnerability related to spring-security-oauth2-client (5.3.10.RELEASE). We tried following both the recommended fixes and tried upgrading it to version 5.6.9 or 5.7.5. But now our application is not starting and gives an error:
Error creating bean with name 'io.pivotal.spring.cloud.config.client.ConfigClientOAuth2BoostrapConfiguration': Invocation of init method failed; nested exception is java.lang.NoSuchFieldError: CLIENT_SECRET_BASIC at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization
Versions we are using:
<dependency>
    <groupId>io.pivotal.spring.cloud</groupId>
    <artifactId>spring-cloud-services-starter-config-client</artifactId>
    <version>3.1.5.RELEASE</version>
    <type>pom</type>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>5.5.7</version>
</dependency>
I tried to play around with different dependency versions, but it's still giving the same error.
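A `NoSuchFieldError` at startup generally means a class compiled against one library version is running against a different one, so a useful first check after bumping a single Spring Security artifact is whether all `org.springframework.security` modules still resolve to the same version. The script below is an added example, not part of the original post: it parses `mvn dependency:tree` output and reports version skew. The sample tree is constructed for illustration (the `spring-security-oauth2-core` and `spring-security-config` lines and the `com.example:demo-service` project are assumptions, not taken from the poster's build).

```python
import re
import sys
from collections import defaultdict

GROUP = "org.springframework.security"

# Constructed sample of `mvn dependency:tree` output (NOT the poster's real build).
SAMPLE_TREE = """\
[INFO] com.example:demo-service:jar:1.0.0
[INFO] +- io.pivotal.spring.cloud:spring-cloud-services-starter-config-client:pom:3.1.5.RELEASE:compile
[INFO] |  +- org.springframework.security:spring-security-oauth2-core:jar:5.3.10.RELEASE:compile
[INFO] |  \\- org.springframework.security:spring-security-config:jar:5.3.10.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-oauth2-client:jar:5.6.9:compile
[INFO] \\- org.springframework.security:spring-security-web:jar:5.5.7:compile
"""

# Maven coordinates: group:artifact:type[:classifier]:version:scope
COORD = re.compile(re.escape(GROUP) + r":[^\s:]+(?::[^\s:]+){3,4}")


def spring_security_versions(tree_text):
    """Map each resolved version to the set of Spring Security artifacts using it."""
    by_version = defaultdict(set)
    for match in COORD.finditer(tree_text):
        parts = match.group(0).split(":")
        artifact, version = parts[1], parts[-2]  # version is always second to last
        by_version[version].add(artifact)
    return dict(by_version)


def version_skew(tree_text):
    """Return the version map when more than one version is resolved, else {}."""
    versions = spring_security_versions(tree_text)
    return versions if len(versions) > 1 else {}


if __name__ == "__main__":
    # Pipe real output in (mvn dependency:tree | python check_skew.py),
    # or run with no piped input to see the constructed sample.
    text = SAMPLE_TREE if sys.stdin.isatty() else sys.stdin.read()
    skew = version_skew(text)
    for version, artifacts in sorted(skew.items()):
        print(f"{version}: {', '.join(sorted(artifacts))}")
    sys.exit(1 if skew else 0)  # non-zero exit lets a CI step fail on skew
```

A non-empty result means the modules are not aligned; the script only reports the skew and does not decide which version the build should converge on.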