Hi, we are on Grails 6.2.3 which is pulling Spring...
# questions
g
Hi, we are on Grails 6.2.3, which is pulling Spring-web 5.3.39. Does this version of Grails only work with version 5.3.39 or lower? The build is failing when trying to upgrade. May I know which other versions work, or which Grails 6.x do you use? Thank you
j
Grails 6.2.3 uses Spring Boot 2.7.18 and Spring Framework 5.3.39: https://docs.grails.org/6.2.3/guide/single.html#dependencyUpgrades Those were the last open source versions of 2.7.x and 5.3.x released without a commercial support contract from Broadcom (which owns Spring). If 5.3.39 is not working for you (it did pass all the tests in the Grails projects when it was released), you could try Spring Framework 5.3.31-5.3.38.
Grails 7 moves to the latest versions of Boot and Framework which still have support from Spring.
g
We are not directly referencing spring-web 5.3.39, but it is being pulled in by various other plugins we use. When I run the dependency check report for vulnerabilities, spring-web 5.3.39 has a critical vulnerability and we are looking to upgrade.
spring-web 5.3.39 Included by:
• pkg:maven/org.grails/grails-plugin-i18n@6.2.3
• pkg:maven/org.grails/grails-plugin-services@6.2.3
• pkg:maven/org.grails.plugins/gsp@6.2.4
• pkg:maven/org.grails/grails-plugin-interceptors@6.2.3
• pkg:maven/org.grails.plugins/recaptcha@3.2.0
• pkg:maven/org.grails.plugins/async@5.0.2
• pkg:maven/org.grails/grails-plugin-rest@6.2.
and many others
j
Yes, for Grails 6.2.3 we used 5.3.39, since the earlier versions had more vulnerabilities. Spring Boot 2.7.18 technically was built with 5.3.31, but works with 5.3.39, which is the last version of 5.3.x published. I recommend looking at Grails 7.0.0-M4. 7.0.0-M5 will be released in the next day and then we should be on to a release candidate and the final release.
g
Great, thank you