fix(sec): upgrade org.apache.tomcat:tomcat-catalina to 8.5.76 #14950
52d343f to 876d10b
@stianst would it be possible to include this change into 20.0.0?
I don't see a problem with upgrade of the version. However, there is one override of Tomcat version in the testsuite that can be removed with the PR. https://github.com/keycloak/keycloak/blob/main/testsuite/integration-arquillian/servers/pom.xml#L52
@Super-Sky could you please incorporate the changes requested by @martin-kanis?
Removed the override in the testsuite pom
Thanks @stianst for the update.
…ak#14950) Co-authored-by: stianst <stianst@gmail.com>
What happened?
There are 8 security vulnerabilities found in org.apache.tomcat:tomcat-catalina 8.5.38
What did I do?
Upgrade org.apache.tomcat:tomcat-catalina from 8.5.38 to 8.5.76 for vulnerability fix
What did you expect to happen?
Ideally, no insecure libs should be used.
The specification of the pull request
PR Specification from OSCS
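The review comment in this thread points out that a version override in a testsuite POM would keep pinning the old Tomcat after the parent is upgraded. The sketch below is an added example, not code from this PR or from the Keycloak project: it compares the `<properties>` of a parent and a child POM and reports child properties that shadow the parent with an older value. The property name `tomcat8.version` and both sample POMs are constructed for illustration, and the version comparison is a simplification that handles plain dotted numeric versions, not full Maven ordering.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POMs; the property name tomcat8.version is an assumption.
PARENT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <tomcat8.version>8.5.76</tomcat8.version>
    <junit.version>4.13.2</junit.version>
  </properties>
</project>"""

CHILD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <tomcat8.version>8.5.38</tomcat8.version>
    <other.version>1.0</other.version>
  </properties>
</project>"""


def properties(pom_xml):
    """Return {name: value} for the <properties> block of a POM."""
    root = ET.fromstring(pom_xml)
    block = root.find("m:properties", NS)
    if block is None:
        return {}
    return {el.tag.split("}", 1)[-1]: (el.text or "").strip() for el in block}


def version_key(version):
    """Sort key for dotted numeric versions; non-numeric parts compare as text."""
    parts = version.replace("-", ".").split(".")
    return [(0, int(p)) if p.isdigit() else (1, p) for p in parts]


def stale_overrides(parent_xml, child_xml):
    """List child properties that shadow a parent property with an older value."""
    parent, child = properties(parent_xml), properties(child_xml)
    findings = []
    for name, child_value in child.items():
        parent_value = parent.get(name)
        if parent_value is not None and version_key(child_value) < version_key(parent_value):
            findings.append((name, child_value, parent_value))
    return findings


if __name__ == "__main__":
    for name, old, new in stale_overrides(PARENT_POM, CHILD_POM):
        print(f"{name}: child pins {old}, parent declares {new}")
```
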