Fix CVE security vulnerabilities

Alok Joshi requested to merge fix_sec_vul into master

Current versions of tomcat-embed-core and jackson-dataformat-cbor have known CVE vulnerabilities. This change addresses the issue by upgrading to the higher minor versions, which don't have any vulnerability.

Below are the listed vulnerabilities for the library versions:

tomcat-embed-core-9.0.37.jar: CVE-2021-25122, CVE-2021-24122, CVE-2021-25329

jackson-dataformat-cbor-2.11.3.jar: CVE-2020-28491

We plan to create a release candidate with this change and use it in services to resolve the same issue there too.

The vulnerabilities were flagged in SLB's internal Whitesource scan.

Edited by Alok Joshi