This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/release17.12 by this push:
new 7756b11 Fixed: Upgrade Tomcat from 9.0.41 to 9.0.43 (OFBIZ-12165)
7756b11 is described below
commit 7756b11421f1c10d5804b400a3b84c7cbb25a694
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Mon Mar 1 23:21:36 2021 +0100
Fixed: Upgrade Tomcat from 9.0.41 to 9.0.43 (OFBIZ-12165)
Fixes 2 security issues:
CVE-2021-25122 h2c request mix-up
Severity: Important
CVE-2021-25329 Incomplete fix for CVE-2020-9484 (RCE via session persistence)
Severity: Low
---
build.gradle | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/build.gradle b/build.gradle
index a0c915a..654c801 100644
--- a/build.gradle
+++ b/build.gradle
@@ -174,10 +174,10 @@ dependencies {
compile 'org.apache.tika:tika-core:1.24.1'
compile 'org.apache.tika:tika-parsers:1.24.1'
compile 'org.apache.poi:poi:3.17'
- compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.36'
- compile 'org.apache.tomcat:tomcat-catalina:9.0.36'
- compile 'org.apache.tomcat:tomcat-jasper:9.0.36'
- compile 'org.apache.tomcat:tomcat-tribes:9.0.36'
+ compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.43'
+ compile 'org.apache.tomcat:tomcat-catalina:9.0.43'
+ compile 'org.apache.tomcat:tomcat-jasper:9.0.43'
+ compile 'org.apache.tomcat:tomcat-tribes:9.0.43'
compile 'org.apache.xmlgraphics:fop:2.2'
compile 'org.apache.xmlrpc:xmlrpc-client:3.1.3'
compile 'org.apache.xmlrpc:xmlrpc-server:3.1.3'
Locked
