[FOLIO-3915] spring-module-core: spring-boot-starter-web 3.1.5 fixing tomcat DoS

Created: 19/Oct/23
Updated: 02/Nov/23

Status: In Code Review
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Bug
Priority: P3
Reporter: Julian Ladisch
Assignee: Jeremy Huff
Resolution: Unresolved
Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: Other dev
RCA Group: Related dependency upgrade

 Description   

In https://github.com/folio-org/spring-module-core :

Upgrade spring-boot-starter-web from 3.1.4 to 3.1.5.

This indirectly upgrades tomcat-embed-core from 10.1.13 to 10.1.14 fixing these security vulnerabilities:



 Comments   
Comment by Craig McNally [ 26/Oct/23 ]

Jeremy Huff, it looks like Julian Ladisch has opened a PR for this. The security team is wondering if/when you (or others at TAMU) will be able to review and address this?

Generated at Thu Feb 08 23:31:43 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.