Fix vulnerability issue: upgrade org.apache.tomcat.embed.tomcat-embed-core to 8.5.42

Issue-ID: LOG-1066
Signed-off-by: Prudence Au <prudence.au@amdocs.com>
Change-Id: I9ede69b718fe177abdd7e56ceb430fd3a7d3ec70

diff --git a/reference/logging-slf4j-demo/pom.xml b/reference/logging-slf4j-demo/pom.xml
index e3989e0..c10f570 100644 (file)
--- a/reference/logging-slf4j-demo/pom.xml
+++ b/reference/logging-slf4j-demo/pom.xml
@@ -16,7 +16,7 @@
              spring-expression 4.3.14 goes to 4.3.17 under 1.5.15
              1.5.17 ups jackson-databind from 2.8.11.2 - but we will likely need 2.9+
          -->
-        <springframework.boot.version>2.0.3.RELEASE</springframework.boot.version>
+        <springframework.boot.version>1.5.22.RELEASE</springframework.boot.version>
         <spring.version>5.1.2.RELEASE</spring.version>
         <logback.version>1.2.3</logback.version>
     </properties>
@@ -81,6 +81,12 @@
                 <version>${springframework.boot.version}</version>
                 <type>pom</type>
                 <scope>import</scope>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.apache.tomcat.embed</groupId>
+                        <artifactId>tomcat-embed-websocket</artifactId>
+                    </exclusion>
+                </exclusions>
             </dependency>
             <dependency>
                 <groupId>org.apache.commons</groupId>