The Micronaut Foundation is excited to announce the release of Micronaut framework 3.8.7!
This is a patch release, and it contains bug fixes. Moreover, Micronaut 3.8.7 includes patch releases of several modules – Micronaut Serialization, Micronaut CRaC, Micronaut Kafka, Micronaut AOT, and Micronaut GCP.
Moreover, update your application to version 3.7.4 of the Micronaut Gradle Plugins if you use Gradle.
Micronaut Framework is not affected by CVE-2022-1471. Micronaut Framework uses SnakeYAML only to load configuration in Micronaut applications. There is only one instance of SnakeYAML instantiation, which uses the Safe Constructor. Using SnakeYaml’s SafeConstructor is the recommended way to prevent CVE-2022-1471.
However, many organizations forbid their teams to use a framework that depends on a vulnerable dependency, even if it is unaffected. Because of that, we decided to update SnakeYAML to the next major version in a patch release of the framework.
If you still need to update to Micronaut framework 3.8, this is an excellent opportunity to do it!
Please feel free to reach out to us if you need any assistance.