[MS-43510] remediate tomcat vulnerability (!474) · Merge requests · OSDU Software / OSDU Data Platform / System / Dataset

VidyaDharani Lokam requested to merge az/vl-fix-tomcat-vul into master Jul 16, 2024

update spring-boot version to 3.3.1 to remediate tomcat vulnerability.
update core-lib-azure-spring6 to 0.27.0-rc3 .

mvn dependency:tree before changes:

[INFO] |  \- io.micrometer:micrometer-observation:jar:1.12.5:compile
[INFO] +- org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.20:compile
[INFO] |  \- org.apache.tomcat:tomcat-annotations-api:jar:10.1.20:compile
[INFO] +- org.springframework:spring-web:jar:6.1.6:compile

mvn dependency:tree after changes:

[INFO] |  \- io.micrometer:micrometer-observation:jar:1.13.1:compile
[INFO] +- org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.25:compile
[INFO] |  \- org.apache.tomcat:tomcat-annotations-api:jar:10.1.25:compile
[INFO] +- org.springframework:spring-web:jar:6.1.10:compile

Edited Jul 16, 2024 by VidyaDharani Lokam

[MS-43510] remediate tomcat vulnerability

Merge request reports