Posted to commits@myfaces.apache.org by bo...@apache.org on 2020/12/08 17:59:09 UTC

[myfaces-tobago] branch master updated: fix CVE in tomcat-spring-boot-starter

This is an automated email from the ASF dual-hosted git repository.

bommel pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git


The following commit(s) were added to refs/heads/master by this push:
     new ac07392  fix CVE in tomcat-spring-boot-starter
ac07392 is described below

commit ac07392e3584c2a1ccb92de7b7e597a151d719f1
Author: Henning Nöth <hn...@apache.org>
AuthorDate: Tue Dec 8 15:53:36 2020 +0100

    fix CVE in tomcat-spring-boot-starter
---
 tobago-example/tobago-example-spring-boot/pom.xml | 28 +++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/tobago-example/tobago-example-spring-boot/pom.xml b/tobago-example/tobago-example-spring-boot/pom.xml
index 44a1827..b775d50 100644
--- a/tobago-example/tobago-example-spring-boot/pom.xml
+++ b/tobago-example/tobago-example-spring-boot/pom.xml
@@ -128,8 +128,36 @@
                     <groupId>org.glassfish</groupId>
                     <artifactId>jakarta.el</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.tomcat.embed</groupId>
+                    <artifactId>tomcat-embed-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.tomcat.embed</groupId>
+                    <artifactId>tomcat-embed-jasper</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.tomcat.embed</groupId>
+                    <artifactId>tomcat-embed-websocket</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
+        <dependency> <!-- fix CVE in tomcat-spring-boot-starter -->
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-core</artifactId>
+            <version>9.0.40</version>
+        </dependency>
+        <dependency> <!-- fix CVE in tomcat-spring-boot-starter -->
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-jasper</artifactId>
+            <version>9.0.40</version>
+        </dependency>
+        <dependency> <!-- fix CVE in tomcat-spring-boot-starter -->
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-websocket</artifactId>
+            <version>9.0.40</version>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
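Review bot: The three re-added `tomcat-embed-*` dependencies each hard-code `<version>9.0.40</version>`, and their comment only says "fix CVE", so nothing records which advisory the pin addresses or when it can be dropped. Because the starter's own Tomcat artifacts are excluded, this pin keeps winning even after the starter moves to a newer Tomcat, at which point it silently holds the example on an older release. I would declare the version once as `<tomcat.version>9.0.40</tomcat.version>` in `<properties>`, reference it as `<version>${tomcat.version}</version>`, and change the comment to something like `<!-- pin Tomcat for CVE-XXXX-XXXXX (placeholder id); remove when the starter ships >= 9.0.40 -->`. The dependency that receives the new exclusions starts above the hunk, so it is worth confirming that it brings in no other `tomcat-embed-*` artifact (inferred, not visible here) that would stay on the old version.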