NVT 0.113881 Spring Boot has wrong EOL date

The NVT reports:
CPE: cpe:/a:vmware:spring_boot:2.7.5
Installed version: 2.7.5
Location/URL: /home/gitlab-runner/.sdkman/candidates/grails/5.2.5/lib/org.springframework.boot/spring-boot/jars/spring-boot-2.7.5.jar
EOL version: 2.7
EOL date: 2023-05-18

But looking at https://spring.io/projects/spring-boot#support, EOL for 2.7.x is 2023-11-18.

I tried overriding the NVT but that overrides all versions of Spring Boot. Any way to patch to correct date?

2 Likes

Hello, welcome to this community forums and thanks a lot for your posting.

It needs to be explicitly noted that the version wasn’t wrong as the vendor initially defined 2023-05-18 last year when the check was implemented:

Usually it is not that common that a vendor is moving EOL dates around but it might always happen and community notifications about that is always highly appreciated so thanks a lot again :+1:

The EOL date will be updated based on the newly provided vendor info accordingly and should be available in one of the next feed updates.

6 Likes

Awesome, thanks for the quick reply!

3 Likes