You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by bo...@apache.org on 2020/12/08 17:59:09 UTC
[myfaces-tobago] branch master updated: fix CVE in
tomcat-spring-boot-starter
This is an automated email from the ASF dual-hosted git repository.
bommel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git
The following commit(s) were added to refs/heads/master by this push:
new ac07392 fix CVE in tomcat-spring-boot-starter
ac07392 is described below
commit ac07392e3584c2a1ccb92de7b7e597a151d719f1
Author: Henning Nöth <hn...@apache.org>
AuthorDate: Tue Dec 8 15:53:36 2020 +0100
fix CVE in tomcat-spring-boot-starter
---
tobago-example/tobago-example-spring-boot/pom.xml | 28 +++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/tobago-example/tobago-example-spring-boot/pom.xml b/tobago-example/tobago-example-spring-boot/pom.xml
index 44a1827..b775d50 100644
--- a/tobago-example/tobago-example-spring-boot/pom.xml
+++ b/tobago-example/tobago-example-spring-boot/pom.xml
@@ -128,8 +128,36 @@
<groupId>org.glassfish</groupId>
<artifactId>jakarta.el</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-jasper</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency> <!-- fix CVE in tomcat-spring-boot-starter -->
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>9.0.40</version>
+ </dependency>
+ <dependency> <!-- fix CVE in tomcat-spring-boot-starter -->
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-jasper</artifactId>
+ <version>9.0.40</version>
+ </dependency>
+ <dependency> <!-- fix CVE in tomcat-spring-boot-starter -->
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-websocket</artifactId>
+ <version>9.0.40</version>
+ </dependency>
+
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>