[FOLIO-3915] spring-module-core: spring-boot-starter-web 3.1.5 fixing tomcat DoS
Created: 19/Oct/23 | Updated: 02/Nov/23
| Status: | In Code Review |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Bug | Priority: | P3 |
| Reporter: | Julian Ladisch | Assignee: | Jeremy Huff |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | security, security-reviewed |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Sprint: | |
| Development Team: | Other dev |
| RCA Group: | Related dependency upgrade |
| Description |
In https://github.com/folio-org/spring-module-core : Upgrade spring-boot-starter-web from 3.1.4 to 3.1.5. This indirectly upgrades tomcat-embed-core from 10.1.13 to 10.1.14 fixing these security vulnerabilities:
| Comments |
| Comment by Craig McNally [ 26/Oct/23 ] |
Jeremy Huff, it looks like Julian Ladisch has opened a PR for this. The security team is wondering if/when you (or others at TAMU) will be able to review and address this?