Security Fix: Update Spring Boot to 3.4.5+ to address CVE‑2025‑22235

[priyakachare]

Issue submitter TODO list

• I've looked up my issue in FAQ
• I've searched for an already existing issues here
• I've tried running main-labeled docker image and the issue still persists there
• I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

Hi team,

We're using kafbat/kafka-ui v1.2.0 and noticed it bundles Spring Boot 3.4.3, which is affected by CVE‑2025‑22235 (high severity: RCE risk via EndpointRequest.to()).

Spring Boot fixed this in 3.4.5 — would you be able to update the dependency in the next release?

Thanks!

Expected behavior

No response

Your installation details

No

Steps to reproduce

No

Screenshots

No response

Logs

No response

Additional context

Resolve high severity issue

[github-actions]

Hi priyakachare! 👋

Welcome, and thank you for opening your first issue in the repo!

Please wait for triaging by our maintainers.

As development is carried out in our spare time, you can support us by sponsoring our activities or even funding the development of specific issues.
Sponsorship link

If you plan to raise a PR for this issue, please take a look at our contributing guide.

[germanosin]

Hi @priyakachare .
Thanks for creating an issue. It is already Spring Boot 3.5.3 in the main branch.
https://github.com/kafbat/kafka-ui/blob/main/gradle/libs.versions.toml#L2