Skip to content

[MS-43811] remediate tomcat vulnerability

VidyaDharani Lokam requested to merge az/vl-fix-tomcat-vul into master
  • update spring-boot version to 3.3.1 to remediate tomcat vulnerability.

mvn dependency:tree before changes:

[INFO] +- org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.20:compile
[INFO] |  \- org.apache.tomcat:tomcat-annotations-api:jar:10.1.20:compile
[INFO] \- net.minidev:json-smart:jar:2.5.0:compile
[INFO]    \- net.minidev:accessors-smart:jar:2.5.0:compile

mvn dependency:tree after changes:

[INFO] |  +- org.springframework.security:spring-security-web:jar:6.3.1:compile
[INFO] |  |  \- org.springframework.security:spring-security-core:jar:6.3.1:compile
[INFO] |  |     \- org.springframework.security:spring-security-crypto:jar:6.3.1:compile
[INFO] |  +- org.springframework.security:spring-security-config:jar:6.3.1:compile
[INFO] |  \- com.nimbusds:nimbus-jose-jwt:jar:9.37.3:compile
[INFO] |     \- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] +- org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.25:compile
[INFO] |  \- org.apache.tomcat:tomcat-annotations-api:jar:10.1.25:compile
[INFO] \- net.minidev:json-smart:jar:2.5.0:compile
Edited by VidyaDharani Lokam

Merge request reports