Reputation: 73
Since Spring Boot comes with embedded Tomcat containers, I was wondering how the patching is done. If I decide to go with the embedded approach and a security vulnerability has been found and the Tomcat community has released a patch, how do I apply that patch to the embedded Tomcat container which comes with Spring Boot?
Any help would be greatly appreciated, since it will help to decide whether to go the traditional route of standalone Tomcats vs. embedded.
Upvotes: 7
Views: 5401
Reputation: 1728
According to this Spring blog post, you can specify any version of Tomcat you want. As long as it's released to the Maven repo, just add the following property to your Maven build properties specifying whatever version you like: <tomcat.version>8.0.3</tomcat.version>.
See http://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-core for versions currently available in Maven Central.
Upvotes: 4
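After overriding `tomcat.version`, it is worth confirming that the rebuilt jar really bundles the patched Tomcat. The script below is an added example, not part of the answer above: it reads a jar listing and compares the bundled `tomcat-embed-core` version with a required minimum. The function names and sample listing are constructed for illustration, and it assumes GNU `sort -V` plus the JDK `jar` tool.

```shell
#!/usr/bin/env bash
# Added example: check which embedded Tomcat a built Spring Boot jar ships.

# Read a jar listing on stdin (one path per line, e.g. from `jar tf app.jar`)
# and print the version of the bundled tomcat-embed-core jar, if any.
embedded_tomcat_version() {
  sed -n 's#.*tomcat-embed-core-\([0-9][^/]*\)\.jar$#\1#p' | head -n 1
}

# Succeed when version $1 is greater than or equal to version $2.
version_at_least() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read a jar listing on stdin and compare against the required minimum ($1).
# Returns 0 if patched, 1 if older than required, 2 if no Tomcat jar is found.
check_embedded_tomcat() {
  local required="$1" found
  found="$(embedded_tomcat_version)"
  if [ -z "$found" ]; then
    echo "no tomcat-embed-core jar found in listing" >&2
    return 2
  fi
  if version_at_least "$found" "$required"; then
    echo "OK: embedded Tomcat $found >= $required"
  else
    echo "FAIL: embedded Tomcat $found < $required" >&2
    return 1
  fi
}

# Constructed sample listing (not taken from a real build).
sample_listing() {
  printf '%s\n' \
    'META-INF/MANIFEST.MF' \
    'BOOT-INF/lib/spring-boot-starter-tomcat.jar' \
    'BOOT-INF/lib/tomcat-embed-el-8.0.3.jar' \
    'BOOT-INF/lib/tomcat-embed-core-8.0.3.jar'
}

# Usage: ./check-tomcat.sh path/to/app.jar 8.0.3
if [ "$#" -ge 2 ]; then
  jar tf "$1" | check_embedded_tomcat "$2"
fi
```

Running this as a build step after packaging fails the build when a dependency change silently pulls the Tomcat version back below the patched release.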