chore(dependencies): use version 9.0.83 of tomcat to fix CVE-2023-46589
… (#1155)

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
dbyron-sf and mergify[bot] committed Feb 22, 2024
1 parent 7bd4647 commit 10e2d37
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions spinnaker-dependencies/spinnaker-dependencies.gradle
Expand Up @@ -28,11 +28,11 @@ ext {
springfoxSwagger : "3.0.0",
swagger : "1.5.20", //this should stay in sync with what springfoxSwagger expects.

// Spring boot 2.4.13 brings in 9.0.55. Spring boot 2.5.14 brings in
// 9.0.63. Use 9.0.69 to resolve CVE-2022-42252 and CVE-2022-45143. Spring
// boot 2.6.14 and 2.7.6 bring in 9.0.69.
// https://tomcat.apache.org/security-9.html for latest security fixes
tomcat : "9.0.81"
// Spring boot 2.5.15 and 2.6.15 bring in 9.0.75. 2.7.18
// brings in 9.0.83, which fixes all CVEs to date (20-feb-24).
//
// See https://tomcat.apache.org/security-9.html for latest security fixes.
tomcat : "9.0.83"
]
}
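
Review bot: The new comment above `tomcat : "9.0.83"` never names CVE-2023-46589, although the commit title gives it as the reason for the bump and the old comment listed the CVEs that justified its pin (CVE-2022-42252, CVE-2022-45143). "fixes all CVEs to date (20-feb-24)" goes stale as soon as the next Tomcat advisory lands and does not tell a later reader which fix makes 9.0.83 the minimum acceptable version. Suggest stating it directly, for example `// Use 9.0.83 to resolve CVE-2023-46589.`, and keeping the date only as context. Since the comment also says Spring Boot 2.7.18 already brings in 9.0.83, it would help to note that the explicit pin can be dropped once the build is on that Boot version, so the pin does not end up holding Tomcat below whatever a later Boot upgrade would supply.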
