Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Spring Boot 3.3.6, tomcat-embed-core 10.1.33: CVE-2024-52317

Description

Upgrade Spring boot from 3.3.4 to 3.3.6.

This indirectly upgrades tomcat-embed-core from 10.1.30 to 10.1.33 fixing mix-up of HTTP/2 requests and/or responses between users: https://www.cve.org/CVERecord?id=CVE-2024-52317

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Checklist

hide

Activity

Show:
Done

Details

Assignee

Reporter

Labels

Priority

Development Team

Volaris

Fix versions

Release

Ramsons (R2 2024) Bug Fix

RCA Group

Related dependency upgrade

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created December 19, 2024 at 10:50 AM
Updated January 24, 2025 at 2:46 PM
Resolved December 20, 2024 at 5:10 PM
Configure
TestRail: Cases
TestRail: Runs