CVE-2017-8028 for spring-ldap fix
According to the Spring advisory https://spring.io/security/cve-2017-8028 this vulnerability affects Spring-LDAP and not spring-amqp. The linked PR https://github.com/spring-projects/spring-ldap/pull/432/files fixes a package in ldap core, hence the affected package seems to be org.springframework.ldap:spring-ldap-core