This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 33a66ca1cc Fixed: CVE-2022-45143 Apache Tomcat - JsonErrorReportValve
injection (OFBIZ-12737)
33a66ca1cc is described below
commit 33a66ca1cc3062014b72d3044a6a8d7fd4267e57
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Mon Jan 9 10:56:50 2023 +0100
Fixed: CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection
(OFBIZ-12737)
See https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.69
---
build.gradle | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index febbeab5b9..2b8441c3c8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -248,8 +248,8 @@ dependencies {
implementation 'org.apache.tika:tika-parsers:2.5.0'
implementation 'org.apache.tika:tika-parser-pdf-module:2.5.0'
implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:3.5.4'
- implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.68' // Remember
to change the version number (9 now) in javadoc block if needed.
- implementation 'org.apache.tomcat:tomcat-jasper:9.0.68'
+ implementation 'org.apache.tomcat:tomcat-catalina-ha:9.0.69' // Remember
to change the version number (9 now) in javadoc block if needed.
+ implementation 'org.apache.tomcat:tomcat-jasper:9.0.69'
implementation 'org.apache.axis2:axis2-kernel:1.8.2'
implementation 'batik:batik-svg-dom:1.6-1'
implementation 'org.apache.xmlgraphics:fop:2.3' // NOTE: since 2.4
dependencies are messed up. See
https://github.com/moqui/moqui-fop/blob/master/build.gradle
