renovate bot commented Apr 1, 2022

This PR contains the following updates:

| Package | Change |
|---|---|
| org.apache.tomcat.embed:tomcat-embed-core | 9.0.60 -> 9.0.62 |
| org.apache.tomcat:tomcat-jdbc | 9.0.60 -> 9.0.62 |

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

CLAassistant commented Apr 1, 2022

CLA assistant check
All committers have signed the CLA.

renovate bot changed the title from "Update dependency org.apache.tomcat.embed:tomcat-embed-core to v9.0.62" to "Update apache-tomcat monorepo to v9.0.62" Apr 1, 2022

@rainboyan

Spring Framework RCE, Mitigation Alternative

Tomcat Changelog: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Tomcat 9.0.62 (remm)

Catalina

Add: Effectively disable the WebappClassLoaderBase.getResources() method as it is not used and if something accidentally exposes the class loader this method can be used to gain access to Tomcat internals. (markt)

puneetbehl merged commit 1c885ff into 5.2.x Apr 25, 2022

renovate bot deleted the renovate/apache-tomcat-monorepo branch April 25, 2022 11:54