Skip to content

[#4985] upgrade org.apache.tomcat.embed:tomcat-embed-core to 9.0.108 #4986

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 22, 2025
Merged

[#4985] upgrade org.apache.tomcat.embed:tomcat-embed-core to 9.0.108 #4986

merged 1 commit into from
Oct 22, 2025

Conversation

@qinlonglong123
Copy link
Contributor

@qinlonglong123 qinlonglong123 commented Oct 21, 2025
edited
Loading

Due to JDK version constraints, Spring Boot cannot be upgraded further. Therefore, tomcat-embed-core can only be upgraded to 9.0.108 to address the CVE-2025-48989 vulnerability.
Fixes: #4985
Follow this checklist to help us incorporate your contribution quickly and easily:

  • Make sure there is a JIRA issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.
  • Each commit in the pull request should have a meaningful subject line and body.
  • Format the pull request title like [SCB-XXX] Fixes bug in ApproximateQuantiles, where you replace SCB-XXX with the appropriate JIRA issue.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Run mvn clean install -Pit to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
  • If this contribution is large, please file an Apache Individual Contributor License Agreement.

@qinlonglong123
upgrade org.apache.tomcat.embed:tomcat-embed-core to 9.0.108
fb7a2df 
Due to JDK version constraints, Spring Boot cannot be upgraded further. Therefore, tomcat-embed-core can only be upgraded to 9.0.108 to address the CVE-2025-48989 vulnerability.
@qinlonglong123 qinlonglong123 changed the title upgrade org.apache.tomcat.embed:tomcat-embed-core to 9.0.108 [#4985] upgrade org.apache.tomcat.embed:tomcat-embed-core to 9.0.108 Oct 21, 2025
@qinlonglong123
Copy link
Contributor Author

qinlonglong123 commented Oct 22, 2025

@chengyouling
please help review this PR. Thank you.

@SweetWuXiaoMei
Copy link
Member

SweetWuXiaoMei commented Oct 22, 2025

我看没啥问题

@SweetWuXiaoMei SweetWuXiaoMei merged commit 88774b8 into apache:2.8.x Oct 22, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@qinlonglong123 @SweetWuXiaoMei