[MS-44010] Remediate tomcat vulnerability (!551) · Merge requests · OSDU Software / OSDU Data Platform / Data Flow / Data Ingestion / Ingestion Workflow

VidyaDharani Lokam requested to merge az/vl-fix-tomcat-vul into master Jul 10, 2024

issue references: https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/issues/270 https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/issues/269 https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/issues/268 https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/issues/267 https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/issues/266 https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/issues/265
update spring-boot version to 3.3.1 to remediate tomcat vulnerability.
update core-lib-azure-spring6 to 0.27.0-rc3 .

mvn dependency:tree before changes:

[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:3.3.0:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.24:compile
[INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:10.1.24:compile
[INFO] |  +- org.springframework:spring-web:jar:6.1.8:compile

mvn dependency:tree after changes:

[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:3.3.1:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.25:compile
[INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:10.1.25:compile
[INFO] |  +- org.springframework:spring-web:jar:6.1.10:compile

Edited Jul 18, 2024 by VidyaDharani Lokam

[MS-44010] Remediate tomcat vulnerability

Merge request reports