fix: update tomcat-embed to go beyond known cves (#1193)

tamassoltesz · web-flow · commit c4e8afbcd141 · 2025-10-22T14:41:16.000+05:30
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [11.1.1]
+
+- Updates tomcat-embed to 11.0.12 because of security vulnerabilities
+
 ## [11.1.0]
 
 - Adds hikari logs to opentelemetry
diff --git a/build.gradle b/build.gradle
@@ -26,7 +26,7 @@ java {
     }
 }
 
-version = "11.1.0"
+version = "11.1.1"
 
 repositories {
     mavenCentral()
@@ -49,7 +49,7 @@ dependencies {
 
 
     // https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-core
-    api group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '11.0.8'
+    api group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '11.0.12'
 
     // https://mvnrepository.com/artifact/com.google.code.findbugs/jsr305
     implementation group: 'com.google.code.findbugs', name: 'jsr305', version: '3.0.2'
diff --git a/implementationDependencies.json b/implementationDependencies.json
@@ -2,14 +2,14 @@
 "_comment": "Contains list of implementation dependencies URL for this project. This is a generated file, don't modify the contents by hand.",
 "list": [
 	{
-		"jar":"https://repo.maven.apache.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/11.0.8/tomcat-embed-core-11.0.8.jar",
-		"name":"tomcat-embed-core 11.0.8",
-		"src":"https://repo.maven.apache.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/11.0.8/tomcat-embed-core-11.0.8-sources.jar"
+		"jar":"https://repo.maven.apache.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/11.0.12/tomcat-embed-core-11.0.12.jar",
+		"name":"tomcat-embed-core 11.0.12",
+		"src":"https://repo.maven.apache.org/maven2/org/apache/tomcat/embed/tomcat-embed-core/11.0.12/tomcat-embed-core-11.0.12-sources.jar"
 	},
 	{
-		"jar":"https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat-annotations-api/11.0.8/tomcat-annotations-api-11.0.8.jar",
-		"name":"tomcat-annotations-api 11.0.8",
-		"src":"https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat-annotations-api/11.0.8/tomcat-annotations-api-11.0.8-sources.jar"
+		"jar":"https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat-annotations-api/11.0.12/tomcat-annotations-api-11.0.12.jar",
+		"name":"tomcat-annotations-api 11.0.12",
+		"src":"https://repo.maven.apache.org/maven2/org/apache/tomcat/tomcat-annotations-api/11.0.12/tomcat-annotations-api-11.0.12-sources.jar"
 	},
 	{
 		"jar":"https://repo.maven.apache.org/maven2/com/google/code/gson/gson/2.13.1/gson-2.13.1.jar",

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ java {`
`26`	`26`	`}`
`27`	`27`	`}`
`28`	`28`
`29`		`-version = "11.1.0"`
	`29`	`+version = "11.1.1"`
`30`	`30`
`31`	`31`	`repositories {`
`32`	`32`	`mavenCentral()`
`@@ -49,7 +49,7 @@ dependencies {`
`49`	`49`
`50`	`50`
`51`	`51`	`// https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-core`
`52`		`- api group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '11.0.8'`
	`52`	`+ api group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '11.0.12'`
`53`	`53`
`54`	`54`	`// https://mvnrepository.com/artifact/com.google.code.findbugs/jsr305`
`55`	`55`	`implementation group: 'com.google.code.findbugs', name: 'jsr305', version: '3.0.2'`