While analyzing dependencies in IntelliJ IDEA, I identified that some vector stores have the following vulnerabilities in vector database Java clients:
- Milvus: CVE-2025-55163 and CVE-2024-7254
- Qdrant: CVE-2024-7254 and CVE-2025-55163
- Typesense: CVE-2023-3635
- Weaviate: CVE-2025-55163

Also, it could be an opportunity to upgrade these vector database Java clients.
Comment From: nicolaskrier
I have tried to use the latest version of Qdrant Java Client containing security fixes with a Spring AI 1.1.2 project, but I got an exception by doing so:
java.lang.ClassNotFoundException: io.qdrant.client.grpc.Points$PointId
That is why I believe some modifications have to be applied to the code base to be able to use this latest version of Qdrant Java Client.
Another option could be just upgrading the dependencies that have vulnerabilities, as in this commit.