NVT 0.113881 Spring Boot has wrong EOL date

The NVT reports:
CPE: cpe:/a:vmware:spring_boot:2.7.5
Installed version: 2.7.5
Location/URL: /home/gitlab-runner/.sdkman/candidates/grails/5.2.5/lib/org.springframework.boot/spring-boot/jars/spring-boot-2.7.5.jar
EOL version: 2.7
EOL date: 2023-05-18

But looking at https://spring.io/projects/spring-boot#support, EOL for 2.7.x is 2023-11-18.

I tried overriding the NVT but that overrides all versions of Spring Boot. Any way to patch to correct date?


Hello, welcome to this community forums and thanks a lot for your posting.

It needs to be explicitly noted that the version wasn’t wrong as the vendor initially defined 2023-05-18 last year when the check was implemented:

Usually it is not that common that a vendor is moving EOL dates around but it might always happen and community notifications about that is always highly appreciated so thanks a lot again :+1:

The EOL date will be updated based on the newly provided vendor info accordingly and should be available in one of the next feed updates.


Awesome, thanks for the quick reply!