Thanks for marking this concern with us, that’s much appreciated.
I still have a couple of questions regarding your concern though, which I hope you can answer.
Firstly, what version are you talking about?
I am assuming the latest version of Axon Framework, but it would be valuable to know.
Second to that, would you be able to share your findings by creating an issue on the framework’s GitHub page?
Especially vulnerability concerns like this are best suited to be put up there.
The intent of the user group is to discuss approaches or problems regarding the framework, whilst your point more so feels like a concern which should be picked up ASAP.
In that sense, adding an issue is justified if you ask me.
Lastly, if you add the issue, would you be able to specify the exact dependencies which are out of date?
Steven van Beelen
Axon Framework Lead Developer