# http4k
Morning folks! Just a couple of updates about security vulnerabilities and http4k - and given today's uncovering of Spring4Shell we thought we'd clarify a couple of bits.

Firstly, today we're releasing http4k 4.25.6.0, which contains an upgrade to Jackson for CVE-2020-36518 - we suggest that all users upgrade ASAP. This version is on its way to Maven Central as I type this.

Secondly, whilst we are (as with Log4Shell) obviously mainly not affected by Spring4Shell, we did release 4.25.2.0 which had an upgrade to the http4k-serverless-tencent library - this library did contain a dependency on Spring-core due to a transitive update to the serverless lib *scf-java-events 0.0.4*. However, we were alerted to another vulnerability related to this version so quickly downgraded again to scf-java-events 0.0.2 in http4k 4.25.3.0. In the event that you are using Tencent serverless, we would encourage you to at least double-check your http4k version and once again upgrade.

Have a great (and secure) day! 🙂