CVE-2016-1000027
Unsafe Java deserialization methods in Spring Security
The problem outlined in CVE-2016-1000027 involves the use of specific classes within the Spring library, which are not utilized by Rundeck/Runbook Automation. Consequently, the product is unaffected by the issues associated with that library.
Presently, there isn't a fix available within the current Spring 5.x framework. However, upon upgrading to the subsequent version of Grails, we will leverage Spring 6 to resolve the issue being flagged by scanners.