## Spring PetClinic Project Audit Flags Critical Outdated Dependency: Font Awesome 4.7.0 (2016) Still in Use
An automated security audit of the `spring-petclinic` project has flagged a critical dependency risk: the application ships severely outdated frontend code, which exposes it to potential security vulnerabilities. The audit, dated April 3, 2026, identified the library `org.webjars.npm:font-awesome:4.7.0` as being over a decade old and two full major versions behind the current stable release. This version, released in October 2016, receives no security or maintenance updates, so any known vulnerabilities in the library remain in the project's build for as long as it stays pinned.

The audit report, generated from a static analysis of the project's `pom.xml` file, highlights the significant version gap and the inherent risk of shipping outdated frontend libraries to user browsers. Notably, the scan was limited; the standard security tools `mvn dependency:tree` and OWASP Dependency-Check could not execute due to a blocked JVM environment in the runner. This limitation means the report is based solely on direct dependencies listed in the `pom.xml` and known CVE data, leaving a blind spot for potentially vulnerable transitive dependencies that a full OWASP scan would uncover.
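
The `pom.xml`-only scan described above, sketched as an added example (not the audit tool's code or the project's own): it lists direct dependencies, resolves `${property}` versions, matches the audit's one flagged coordinate, and reports dependencies whose version is not in the POM as unresolved. The sample POM and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# The single coordinate the audit flagged (from the report above).
FLAGGED = {("org.webjars.npm", "font-awesome"): "4.7.0"}

# Constructed sample POM, not the real spring-petclinic pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <webjars-font-awesome.version>4.7.0</webjars-font-awesome.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
      <groupId>org.webjars.npm</groupId>
      <artifactId>font-awesome</artifactId>
      <version>${webjars-font-awesome.version}</version>
    </dependency>
  </dependencies>
</project>"""

def direct_dependencies(pom_text):
    """Return (groupId, artifactId, version) per direct dependency.
    version is None when the POM defers it to a parent or BOM."""
    root = ET.fromstring(pom_text)
    props = {p.tag.split("}", 1)[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    subst = lambda m: props.get(m.group(1), m.group(0))
    deps = []
    # Only project/dependencies: dependencyManagement entries are not shipped.
    for d in root.findall("m:dependencies/m:dependency", NS):
        version = d.findtext("m:version", namespaces=NS)
        if version:
            version = re.sub(r"\$\{([^}]+)\}", subst, version.strip())
        deps.append((d.findtext("m:groupId", namespaces=NS),
                     d.findtext("m:artifactId", namespaces=NS), version))
    return deps

def audit(pom_text):
    """Split direct dependencies into flagged ones and coverage gaps."""
    report = {"flagged": [], "unresolved": []}
    for group, artifact, version in direct_dependencies(pom_text):
        if version is None or "${" in version:
            report["unresolved"].append(f"{group}:{artifact}")
        elif FLAGGED.get((group, artifact)) == version:
            report["flagged"].append(f"{group}:{artifact}:{version}")
    return report
```

The `unresolved` entries, together with every transitive dependency, are what this kind of scan cannot assess and what `mvn dependency:tree` or OWASP Dependency-Check would cover.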

The finding places immediate pressure on the project maintainers to address the outdated asset. Such an old library stands out as a security anomaly in a project built on a modern Spring Boot 4.0.3 and Java 17 baseline. The report strongly recommends a follow-up scan with OWASP Dependency-Check for complete transitive dependency coverage. The current critical warning may be only the surface of a deeper dependency hygiene issue that requires urgent remediation to prevent exploitation.

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: security audit, dependency management, vulnerability, open source, software supply chain
- **Credibility**: unverified
- **Published**: 2026-04-03 08:26:58
- **ID**: 48679
- **URL**: https://whisperx.ai/en/intel/48679