Tomcat still has an issue, but this is the latest so we'll clear
earlier issues out and wait for a fix.
tomcat-embed-core-9.0.39 : CVE-2020-13943
Issue-ID: INT-1766
Change-Id: Idd65f85a5170ed1ed4f1d2dd43877aa738bf7834
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
<name>oparent/dependencies</name>
<packaging>pom</packaging>
<properties>
<name>oparent/dependencies</name>
<packaging>pom</packaging>
<properties>
- <spring.version>5.2.7.RELEASE</spring.version>
- <jetty.version>9.4.30.v20200611</jetty.version>
+ <spring.version>5.2.10.RELEASE</spring.version>
+ <jetty.version>9.4.33.v20201020</jetty.version>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>29.0-jre</version>
+ <version>30.0-jre</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
- <version>9.0.36</version>
+ <version>9.0.39</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>bootstrap</artifactId>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>bootstrap</artifactId>
- <version>4.5.0</version>
+ <version>4.5.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
- <version>2.11.0</version>
+ <version>2.11.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>2.11.0</version>
+ <version>2.11.3</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
- <version>4.5.12</version>
+ <version>4.5.13</version>
</dependency>
<dependency>
<groupId>xerces</groupId>
</dependency>
<dependency>
<groupId>xerces</groupId>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
- <version>8.32</version>
+ <version>8.37</version>
</dependency>
</dependencies>
</plugin>
</dependency>
</dependencies>
</plugin>