[Snyk] Fix for 3 vulnerabilities#1512
Conversation
…ities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-TOOLSJACKSONCORE-17457696 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-17732890 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-17733746
…ities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-TOOLSJACKSONCORE-17457696 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-17732890 - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-17733746
|
This set of upgrades consists of minor patch updates for Apache Tomcat and Spring Boot. These releases focus on bug fixes, security patches, and dependency upgrades without introducing breaking changes. org.apache.tomcat.embed:tomcat-embed-core & tomcat-embed-websocket (11.0.18 → 11.0.23) This is a patch update for the Tomcat 11.0.x series. The changes between these versions include bug fixes, improvements, and security fixes. Upgrading to 11.0.23 addresses multiple vulnerabilities. No breaking API changes are noted in the changelog for this range. org.springframework.boot:spring-boot-starter-json (4.0.4 → 4.0.7) This is a series of patch releases for Spring Boot. According to the official announcements, versions 4.0.5, 4.0.6, and 4.0.7 contain bug fixes, documentation improvements, and dependency upgrades. These releases also address several CVEs. As patch releases, they are designed to be non-breaking. Source: Apache Tomcat Changelog, Spring Boot Release Announcements
|
Snyk has created this PR to fix 3 vulnerabilities in the maven dependencies of this project.
Snyk changed the following file(s):
examples/iOS-Hybrid-App-Java-Server/pom.xmlVulnerabilities that will be fixed with an upgrade:
SNYK-JAVA-TOOLSJACKSONCORE-17457696
4.0.4->4.0.7Proof of ConceptSNYK-JAVA-ORGAPACHETOMCATEMBED-17732890
11.0.18->11.0.23org.apache.tomcat.embed:tomcat-embed-websocket:
11.0.18->11.0.23No Known ExploitSNYK-JAVA-ORGAPACHETOMCATEMBED-17733746
11.0.18->11.0.23org.apache.tomcat.embed:tomcat-embed-websocket:
11.0.18->11.0.23No Known ExploitBreaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Improper Authentication
🦉 Improperly Controlled Modification of Dynamically-Determined Object Attributes