[MS-43811] remediate tomcat vulnerability (!372) · Merge requests · OSDU Software / OSDU Data Platform / System / Reference and Helper Services / Unit

VidyaDharani Lokam requested to merge az/vl-fix-tomcat-vul into master Jul 11, 2024

update spring-boot version to 3.3.1 to remediate tomcat vulnerability.

mvn dependency:tree before changes:

[INFO] +- org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.20:compile
[INFO] |  \- org.apache.tomcat:tomcat-annotations-api:jar:10.1.20:compile
[INFO] \- net.minidev:json-smart:jar:2.5.0:compile
[INFO]    \- net.minidev:accessors-smart:jar:2.5.0:compile

mvn dependency:tree after changes:

[INFO] |  +- org.springframework.security:spring-security-web:jar:6.3.1:compile
[INFO] |  |  \- org.springframework.security:spring-security-core:jar:6.3.1:compile
[INFO] |  |     \- org.springframework.security:spring-security-crypto:jar:6.3.1:compile
[INFO] |  +- org.springframework.security:spring-security-config:jar:6.3.1:compile
[INFO] |  \- com.nimbusds:nimbus-jose-jwt:jar:9.37.3:compile
[INFO] |     \- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] +- org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.25:compile
[INFO] |  \- org.apache.tomcat:tomcat-annotations-api:jar:10.1.25:compile
[INFO] \- net.minidev:json-smart:jar:2.5.0:compile

Edited Jul 11, 2024 by VidyaDharani Lokam

[MS-43811] remediate tomcat vulnerability

Merge request reports