If you have a security scan flagging a dependency of a CVE (vulnerability) that is used Spring, you should not wait for their next update cycle to update it. You can update it yourself, find out how in this post.
If you have a security scan flagging a dependency of a CVE (vulnerability) that is used Spring, you should not wait for their next update cycle to update it. You can update it yourself, find out how in this post.