Details
- Improvement
- Status: Resolved
- Major
- Resolution: Fixed
- 4.4.0
- None
- Unknown
Description
I'd like to suggest changing the order of camel-spring-boot-bom and spring-boot-dependencies in <dependencyManagement/> - currently spring-boot-dependencies is listed first, but the camel-parent many times contains updated dependencies with CVE fixes. In the event of the two BOMs containing a <dependencyManagement> entry for the same artifact, listing camel-spring-boot-bom first would mean that the versions from the camel-parent take precedence over spring-boot-dependencies versions and may mean a safer experience.
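An added example, not part of the original issue or the Camel project's code: a small check that reads a POM and reports whether camel-spring-boot-bom is imported ahead of spring-boot-dependencies, relying on Maven's rule that the first imported BOM wins when two manage the same artifact. The sample POM, its com.example:demo coordinates and the function names are constructed for illustration, and the check assumes the POM declares the standard Maven namespace.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM (hypothetical project): Spring Boot BOM listed first,
# so its managed versions override those from the Camel BOM.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0.0</version>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-dependencies</artifactId>
        <version>${spring-boot.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
      <dependency>
        <groupId>org.apache.camel.springboot</groupId>
        <artifactId>camel-spring-boot-bom</artifactId>
        <version>${camel.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>
"""

def _text(dep, tag):
    return (dep.findtext("m:" + tag, default="", namespaces=NS) or "").strip()

def imported_boms(pom_xml):
    """Return artifactIds of import-scoped BOMs in declaration order."""
    root = ET.fromstring(pom_xml)
    deps = root.findall("m:dependencyManagement/m:dependencies/m:dependency", NS)
    return [_text(d, "artifactId") for d in deps
            if _text(d, "scope") == "import" and _text(d, "type") == "pom"]

def camel_bom_takes_precedence(pom_xml):
    """True when camel-spring-boot-bom is imported before spring-boot-dependencies."""
    boms = imported_boms(pom_xml)
    if "camel-spring-boot-bom" not in boms:
        return False
    if "spring-boot-dependencies" not in boms:
        return True
    return boms.index("camel-spring-boot-bom") < boms.index("spring-boot-dependencies")
```

Running `mvn dependency:tree` before and after swapping the two imports shows which managed versions actually change.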