This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/release18.12 by this push:
new 14bcb82 Fixed: Upgrade Tomcat from 9.0.41 to 9.0.43 (OFBIZ-12165)
14bcb82 is described below
commit 14bcb82b6dbe89bb2a2e6ecad4b005bc1a3abf79
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Mon Mar 1 23:15:06 2021 +0100
Fixed: Upgrade Tomcat from 9.0.41 to 9.0.43 (OFBIZ-12165)
Fixes 2 security issues:
CVE-2021-25122 h2c request mix-up
Severity: Important
CVE-2021-25329 Incomplete fix for CVE-2020-9484 (RCE via session persistence)
Severity: Low
---
build.gradle | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/build.gradle b/build.gradle
index c81724a..ce78af8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,3 +1,4 @@
+
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
@@ -199,10 +200,10 @@ dependencies {
compile 'org.apache.sshd:sshd-core:1.7.0'
compile 'org.apache.tika:tika-core:1.24.1'
compile 'org.apache.tika:tika-parsers:1.24.1'
- compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.36'
- compile 'org.apache.tomcat:tomcat-catalina:9.0.36'
- compile 'org.apache.tomcat:tomcat-jasper:9.0.36'
- compile 'org.apache.tomcat:tomcat-tribes:9.0.36'
+ compile 'org.apache.tomcat:tomcat-catalina-ha:9.0.43'
+ compile 'org.apache.tomcat:tomcat-catalina:9.0.43'
+ compile 'org.apache.tomcat:tomcat-jasper:9.0.43'
+ compile 'org.apache.tomcat:tomcat-tribes:9.0.43'
compile 'org.apache.xmlgraphics:fop:2.3'
compile 'org.apache.xmlrpc:xmlrpc-client:3.1.3'
compile 'org.apache.xmlrpc:xmlrpc-server:3.1.3'
Locked
