This is an automated email from the ASF dual-hosted git repository.
mbrohl pushed a commit to branch trunk
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/trunk by this push:
new 119be59 Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)
119be59 is described below
commit 119be59b770bd116ae2cfadf9b4ea74bb8ac82a5
Author: Michael Brohl <
[hidden email]>
AuthorDate: Sun Jun 28 12:46:29 2020 +0200
Fixed: Upgrades Tomcat to 9.0.36 due to CVE-2020-11996 (OFBIZ-11848)
---
build.gradle | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index db4ea95..ca2fa3b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -182,8 +182,8 @@ dependencies {
implementation 'org.apache.shiro:shiro-core:1.4.1' // So far we did not update from 1.4.1 because of a compile issue. You may try w/ a newer version than 1.5.2
implementation 'org.apache.sshd:sshd-core:1.7.0' // So far we did not update from 1.7.0 because of a compile issue. You may try w/ a newer version than 2.4.0
implementation 'org.apache.tika:tika-parsers:1.24'
- implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.34' // Remember to change the version number in javadoc block
- implementation 'org.apache.tomcat:tomcat-jasper:9.0.34'
+ implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.36' // Remember to change the version number in javadoc block
+ implementation 'org.apache.tomcat:tomcat-jasper:9.0.36'
implementation 'org.apache.axis2:axis2-kernel:1.7.9'
implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: in 2.4 dependencies are messed up. See
https://github.com/moqui/moqui-fop/blob/master/build.gradle implementation 'org.apache.xmlrpc:xmlrpc-client:3.1.3'
Locked
