You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2021/10/21 10:02:04 UTC
[myfaces-tobago] branch tobago-5.x updated: build: workaround for
CVE-2021-42340
This is an automated email from the ASF dual-hosted git repository.
lofwyr pushed a commit to branch tobago-5.x
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git
The following commit(s) were added to refs/heads/tobago-5.x by this push:
new 7252eda build: workaround for CVE-2021-42340
7252eda is described below
commit 7252eda982f9133056450a6ae6262a9afc7c0387
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Thu Oct 21 12:01:05 2021 +0200
build: workaround for CVE-2021-42340
---
tobago-example/tobago-example-spring-boot/pom.xml | 29 +++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/tobago-example/tobago-example-spring-boot/pom.xml b/tobago-example/tobago-example-spring-boot/pom.xml
index c2aa0d8..a58a9dc 100644
--- a/tobago-example/tobago-example-spring-boot/pom.xml
+++ b/tobago-example/tobago-example-spring-boot/pom.xml
@@ -120,8 +120,37 @@
<groupId>org.glassfish</groupId>
<artifactId>jakarta.el</artifactId>
</exclusion>
+ <!-- tomcat version set where: fix CVE in tomcat-spring-boot-starter -->
+ <exclusion>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-jasper</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <!-- tomcat version set where: fix CVE in tomcat-spring-boot-starter -->
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>9.0.54</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-jasper</artifactId>
+ <version>9.0.54</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ <version>9.0.54</version>
+ </dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>